Windows 8.1 acting weird but nothing found


  • This topic is locked
10 replies to this topic

#1 StepTNT

Posted 14 July 2014 - 11:22 AM

I've got a new Windows 8.1 x64 setup that, during the last week, started to act a bit weird without a reason.

I do not install software from untrusted sources and I always keep everything under control, but I guess that something went wrong.

 

The first symptom was the strange behavior of Firefox when trying to download something: it suddenly started to show an error popup saying that it cannot read the file on %TEMP%\fileName.ext and so the download fails.

The same download works fine on Chrome though.

 

The next thing I've noticed is still in Firefox.

Right clicking on a completed download and clicking on "Open folder" sometimes fails without any kind of messages and I need to click it again a few times before actually getting to the folder.

 

Another strange behavior is that sometimes the shutdown takes really forever while the average for my machine is 2/3 seconds of boot/shutdown.

 

I don't use any commercial antivirus, just Spybot Search & Destroy and Windows Defender, so I decided to do some checks with some known software to see if there's something wrong on my pc.

 

I downloaded gmer and I discovered a not-so-funny thing: it crashes right on startup after finishing to enumerate some registry entries.

With gmer I also discovered another strange thing: no UAC window appeared, even if I was running it as Administrator. So I went into my settings and I found out that UAC was disabled, but I never did that.

 

After failing with gmer I installed MalwareBytes and their beta rootkit removal tool but none of them found anything strange.

 

So I tried with aswMBR and it showed some kind of rootkit within Unity's WebPlayer uninstall.exe file (Unity is a game development engine).

(About Unity, I installed the free version on my laptop with Avast and Avast detected the same file as rootkit, and the setup file is the one downloaded from their site, 100% legit).

 

After a little bit of googling I found out that Avast uses the gmer engine for rootkit detection, so I installed it and did a full scan with the same result of aswMBR (and I expected it since aswMBR is included in Avast).

 

Since all of my tries failed, here I am with this topic.

Following the instructions I downloaded dds.com but...

 

[Image: dds.png]

 

even if I'm not using any compatibility mode.

 

I'm assuming that this program just lists all the running processes, so I ran HijackThis and this is the result:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:18:06, on 14/07/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)

FIREFOX: 30.0 (it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\FSTU.exe
C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\AsrSvc.exe
C:\Users\Stefano\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Stefano\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Stefano\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\Users\Stefano\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [BrowserChoice] "C:\Windows\BrowserChoice\browserchoice.exe" /run
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [f.lux] "C:\Users\Stefano\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Stefano\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\RunOnce: [AsrOMG_Run] 1
O4 - Startup: Dropbox.lnk = Stefano\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Samsung Magician.lnk = C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00A10E5-DF76-4442-9BE3-6B71823297FE}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12617 bytes

Before writing this post I even did a scan with TDSKiller but I got no results (even if I left the "Loaded Modules" unchecked because I can't reboot now).

 

 

If you need more info, please just ask and I'll do my best to provide everything needed to do some diagnostics on my machine.

 

Thanks





#2 nasdaq


Posted 18 July 2014 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is also not completely compatible with a 64 Bit operating system.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
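
Added example (not part of nasdaq's post or of any tool named in the thread): HijackThis is a 32-bit program, so on 64-bit Windows its view of System32 and %ProgramFiles% is redirected to SysWOW64 and Program Files (x86), which is why the log in post #1 marks files such as lsass.exe as "(file missing)". The Python sketch below sorts those entries into likely redirection artefacts and entries worth checking; the sample lines are copied from that log, and the function names, verdict labels and the <drive>:\Windows install path are assumptions.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
C:\WINDOWS\SysWOW64\DllHost.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

MARKER = "(file missing)"
# Assumption: Windows is installed in <drive>:\Windows.
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\")
PF_X86 = "\\program files (x86)\\"


def is_64bit_log(text):
    """A log that mentions SysWOW64 or Program Files (x86) came from 64-bit Windows."""
    low = text.lower()
    return "\\syswow64\\" in low or PF_X86 in low


def classify_missing(text):
    """Return (section, path, verdict) for every '(file missing)' entry.

    Verdicts (labels chosen for this example):
      wow64-system32     path is under System32, which a 32-bit process sees as SysWOW64
      wow64-programfiles %ProgramFiles% was expanded to the x86 folder by a 32-bit process
      verify             no redirection explains it; check the file with a 64-bit tool
    """
    wow64 = is_64bit_log(text)
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.endswith(MARKER):
            continue
        body = line[: -len(MARKER)].rstrip()
        section = body.split(" - ", 1)[0]
        # Take the first " - X:\..." field as the path: service names and paths
        # can both contain " - " (e.g. "Spybot - Search & Destroy 2").
        m = re.search(r" - ([A-Za-z]:\\.+)$", body)
        # Entries without a drive letter (e.g. O20) fall back to the last field.
        path = m.group(1) if m else body.rsplit(" - ", 1)[-1]
        low = path.lower()
        if wow64 and SYSTEM32.match(low):
            verdict = "wow64-system32"
        elif wow64 and "%programfiles%" in body.lower() and PF_X86 in low:
            verdict = "wow64-programfiles"
        else:
            verdict = "verify"
        results.append((section, path, verdict))
    return results


if __name__ == "__main__":
    for section, path, verdict in classify_missing(SAMPLE_LOG):
        print(f"{verdict:20} {section:4} {path}")
```

A "wow64-*" verdict only means the 32-bit view of that path is unreliable; the 64-bit FRST log later in the thread, for instance, lists C:\Windows\System32\atiesrxx.exe as a running process although HijackThis reported it missing.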

#3 StepTNT


Posted 18 July 2014 - 10:26 AM

Here's the AdwCleaner log.

I've not found a way to change the program's language, so please tell me if you need it translated.

 

# AdwCleaner v3.216 - Rapporto creato 18/07/2014 in 17:11:34
# Aggiornato 17/07/2014 di Xplode
# Sistema operativo : Windows 8.1 Pro  (64 bits)
# Nome utente : Stefano - STDJ-FISSO
# In esecuzione da : C:\Users\Stefano\Desktop\adwcleaner_3.216.exe
# Opzione : Scansiona

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\isreaditlater@ideashower.com
File Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Collegamenti ] *****


***** [ Registro ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (it)

[ File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\prefs.js ]

Trovata riga : user_pref("extensions.greasemonkey.scriptvals.unfriend_finder/Unfriend Finder.1573713252_awaitingRequests", "{\"100000854770919\":{\"uid\":100000854770919,\"name\":\"Facebook User\",\"picture\":\"hxxps:[...]

[ File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\ix8gqdyo.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1448 octets] - [18/07/2014 17:04:51]
AdwCleaner[R1].txt - [1508 octets] - [18/07/2014 17:08:14]
AdwCleaner[R2].txt - [1426 octets] - [18/07/2014 17:11:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1486 octets] ##########

 

 

Farbar's FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Stefano (administrator) on STDJ-FISSO on 18-07-2014 17:12:59
Running from C:\Users\Stefano\Desktop
Platform: Windows 8.1 Pro (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASRock Incorporation) C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\FSTU.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\Stefano\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Stefano\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASRock Incorporation) C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\AsrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(BitTorrent Inc.) C:\Users\Stefano\AppData\Roaming\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Users\Stefano\Desktop\adwcleaner_3.216.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\WINDOWS\SysWOW64\MAFWTray.exe [252424 2009-07-29] (Avid Technology, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [f.lux] => C:\Users\Stefano\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [Spotify Web Helper] => C:\Users\Stefano\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day0] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day1] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day2] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day3] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day4] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day5] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Day6] - 0x00000000
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\RunOnce: [AsrOMG_Run] - 1
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\MountPoints2: {05229dd6-d915-11e3-8250-d05099074fc5} - "E:\setup.exe"
Startup: C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stefano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ###MegaShellExtPending -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: ###MegaShellExtSynced -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: ###MegaShellExtSyncing -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {7F70C662-9B45-4FE0-8FE2-D4EFC67D0A75} => C:\WINDOWS\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ###MegaShellExtPending -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: ###MegaShellExtSynced -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: ###MegaShellExtSyncing -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Stefano\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {7F70C662-9B45-4FE0-8FE2-D4EFC67D0A75} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A00A10E5-DF76-4442-9BE3-6B71823297FE}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Stefano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Advanced Cookie Manager - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\cookiemgr@jayapal.com [2014-05-11]
FF Extension: Downloads Context Menu - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\downloadscontextmenu@bmproductions [2014-05-11]
FF Extension: FireFox Tweak - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firefoxtweak@pribic.am [2014-05-11]
FF Extension: FoxyProxy Standard - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\foxyproxy@eric.h.jung [2014-05-11]
FF Extension: HTTPS-Everywhere - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\https-everywhere@eff.org [2014-06-26]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\ich@maltegoetz.de [2014-05-11]
FF Extension: DOM Inspector - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\inspector@mozilla.org [2014-05-11]
FF Extension: Pocket - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\isreaditlater@ideashower.com [2014-07-03]
FF Extension: DebridFF - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\jid0-HE5HvmWWBQaDXgq7A7fBAL0UUCs@jetpack [2014-05-11]
FF Extension: Master Password+ - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\masterpasswordtimeoutplus@vano [2014-05-11]
FF Extension: iMacros for Firefox - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-24]
FF Extension: Live HTTP Headers - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-05-11]
FF Extension: Cookies Manager+ - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2014-05-11]
FF Extension: Memory Fox - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-05-11]
FF Extension: about:addons-memory - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\about-addons-memory@tn123.org.xpi [2014-05-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-05-11]
FF Extension: FacebookBlocker - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\facebookBlocker@webgraph.com.xpi [2014-05-11]
FF Extension: facepaste - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\facepaste.firefox.addon@azabani.com.xpi [2014-05-13]
FF Extension: Firebug - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-18]
FF Extension: FireDownload - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firedownload@mozilla.org.xpi [2014-05-11]
FF Extension: Fireforce - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\fireforce@scrt.ch.xpi [2014-05-11]
FF Extension: Ghostery - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firefox@ghostery.com.xpi [2014-05-11]
FF Extension: MEGA EXTENSION - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firefox@mega.co.nz.xpi [2014-05-11]
FF Extension: Unfriend Finder - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\firefox@unfriendfinder.com.xpi [2014-05-11]
FF Extension: Stop YouTube Autoplay - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\jid0-Pm0nbsggUvL00CBoW6YwCaqv8bk@jetpack.xpi [2014-05-11]
FF Extension: Add-on Builder Helper (discontinued) - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\jid0-t3eeRQgGANLCH9c50lPqcTDuNng@jetpack.xpi [2014-05-11]
FF Extension: Hide Unwanted Results of Google Search - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\jid0-TpZJ4wPImlT1zIqfw58bD9vOeWQ@jetpack.xpi [2014-05-11]
FF Extension: copy-link-title - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\jid1-qhBMZfINoXeANg@jetpack.xpi [2014-05-11]
FF Extension: SmartVideo For YouTube - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\mytube@ashishmishra.in.xpi [2014-05-11]
FF Extension: Personas Plus - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\personas@christopher.beard.xpi [2014-05-11]
FF Extension: Remote XUL Manager - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\remotexulmanager@xulforge.com.xpi [2014-05-11]
FF Extension: SkipScreen - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\SkipScreen@SkipScreen.xpi [2014-05-11]
FF Extension: SQLite Manager - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2014-05-11]
FF Extension: Status-4-Evar - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\status4evar@caligonstudios.com.xpi [2014-05-11]
FF Extension: Turn Off the Lights - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\stefanvandamme@stefanvd.net.xpi [2014-05-11]
FF Extension: Test Pilot - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-05-11]
FF Extension: Adblock Plus Filter Uploader - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\uploader@adblockfilters.mozdev.org.xpi [2014-05-11]
FF Extension: Vacuum Places Improved - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2014-05-11]
FF Extension: ВКонтакте.ру Downloader - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\vk@sergeykolosov.mp.xpi [2014-05-11]
FF Extension: YouTube to MP3 - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-05-11]
FF Extension: YouTube Auto Replay - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2014-05-11]
FF Extension: FlashGot - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-05-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-05-11]
FF Extension: Textarea Cache - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2014-05-11]
FF Extension: NoScript - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-11]
FF Extension: TryAgain - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}.xpi [2014-05-11]
FF Extension: Tamper Data - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-05-11]
FF Extension: Abduction! - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-05-27]
FF Extension: Fasterfox - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2014-05-11]
FF Extension: Adblock Plus - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
FF Extension: DownThemAll! - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-11]
FF Extension: Download Manager Tweak - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\9obayw24.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2014-05-11]

Chrome:
=======
CHR Extension: (Documenti Google) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]
CHR Extension: (Google Drive) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (YouTube) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Adblock Plus) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-24]
CHR Extension: (Ricerca Google) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Gmail) - C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]

==================== Services (Whitelisted) =================

R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-11] (BitRaider, LLC)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-05-10] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-11] (ASRock Incorporation)
R3 AsrHidFilter; C:\Windows\system32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\drivers\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-11] (Disc Soft Ltd)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-05-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-05-17] (Microsoft Corporation)
S3 MAFW; C:\Windows\system32\DRIVERS\mafw.sys [231944 2009-07-29] (Avid Technology, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-05-17] (Microsoft Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-05-17] (Microsoft Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 t1394bus; C:\Windows\System32\drivers\t1394bus_x64.sys [191544 2009-06-17] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-11] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-05-11] (Acronis)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-05-17] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-11] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-11] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-11] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-11] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-06-18] (Basil Projects)
R3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [120104 2013-09-20] (Yamaha Corporation)
S3 AsrSetupDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S3 AxtuDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 17:12 - 2014-07-18 17:13 - 00035753 _____ () C:\Users\Stefano\Desktop\FRST.txt
2014-07-18 17:12 - 2014-07-18 17:13 - 00000000 ____D () C:\FRST
2014-07-18 17:11 - 2014-07-18 17:11 - 02086912 _____ (Farbar) C:\Users\Stefano\Desktop\FRST64.exe
2014-07-18 17:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-18 17:04 - 2014-07-18 17:11 - 00000000 ____D () C:\AdwCleaner
2014-07-18 17:03 - 2014-07-18 17:03 - 01354223 _____ () C:\Users\Stefano\Desktop\adwcleaner_3.216.exe
2014-07-18 13:36 - 2014-07-18 13:36 - 00003048 _____ () C:\WINDOWS\System32\Tasks\AsrKM
2014-07-17 20:34 - 2014-07-17 20:34 - 17050168 _____ (Focusrite Audio Engineering Ltd. ) C:\Users\Stefano\Downloads\vrm-box-1.4.exe
2014-07-17 18:25 - 2014-07-17 18:25 - 00024421 _____ () C:\Users\Stefano\Downloads\Porter-Robinson-Urban-Cone-Lionhearted-Huntroxic-20140624182051-nonstop2k.com.mid
2014-07-16 17:15 - 2014-07-16 17:27 - 36514762 _____ () C:\Users\Stefano\Downloads\PRLR.zip
2014-07-16 11:58 - 2014-07-16 11:58 - 17574778 _____ (RubyInstaller Team ) C:\Users\Stefano\Downloads\rubyinstaller-2.0.0-p481-x64.exe
2014-07-15 22:37 - 2014-07-15 22:37 - 00000000 ____D () C:\Users\Stefano\Desktop\google-cloud-sdk
2014-07-15 22:26 - 2014-07-15 22:26 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK
2014-07-15 22:23 - 2014-07-15 22:31 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\gcloud
2014-07-15 22:22 - 2014-07-15 22:22 - 00000000 ____D () C:\python27_x64
2014-07-15 22:22 - 2014-07-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-07-15 22:21 - 2014-07-15 22:21 - 00000000 ____D () C:\Program Files\Google
2014-07-15 22:20 - 2014-07-15 22:20 - 00715304 _____ () C:\Users\Stefano\Downloads\GoogleCloudSDKInstaller.exe
2014-07-15 22:05 - 2014-07-15 22:05 - 32454608 _____ ( ) C:\Users\Stefano\Downloads\heroku-toolbelt.exe
2014-07-15 21:30 - 2014-07-15 21:42 - 00001758 _____ () C:\Users\Stefano\Desktop\push.txt
2014-07-15 21:11 - 2014-07-15 23:33 - 00000000 ____D () C:\Users\Stefano\Desktop\WP8
2014-07-15 18:15 - 2014-07-15 18:15 - 00297387 _____ () C:\Users\Stefano\Downloads\jsoup-1.7.3.jar
2014-07-15 18:13 - 2014-07-15 18:14 - 00111603 _____ () C:\Users\Stefano\Desktop\africa.html
2014-07-15 17:34 - 2014-07-15 17:34 - 00000000 ____D () C:\Users\Stefano\Desktop\App42_CustomCode_Sample-master
2014-07-15 17:31 - 2014-07-15 20:26 - 00000000 ____D () C:\Users\Stefano\Documents\Librerie WP
2014-07-15 17:31 - 2014-07-15 17:31 - 00000000 ____D () C:\Users\Stefano\Downloads\Nuova cartella
2014-07-15 17:29 - 2014-07-15 17:29 - 01603127 _____ () C:\Users\Stefano\Downloads\App42_WINDOWS_SDK-master.zip
2014-07-15 11:45 - 2014-07-15 11:45 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 11:45 - 2014-07-15 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 17:52 - 2014-07-14 18:18 - 00012619 _____ () C:\Users\Stefano\Downloads\hijackthis.log
2014-07-14 17:52 - 2014-07-14 17:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stefano\Downloads\HijackThis.exe
2014-07-14 17:50 - 2014-07-14 17:50 - 00688992 _____ (Swearware) C:\Users\Stefano\Downloads\dds.com
2014-07-14 17:46 - 2014-07-14 17:46 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Stefano\Downloads\tdsskiller.exe
2014-07-14 16:30 - 2014-07-14 16:30 - 01428552 _____ (Markus Stein ) C:\Users\Stefano\Downloads\MP3Test_v1.7.0.172.exe
2014-07-14 16:30 - 2014-07-14 16:30 - 00000000 ___RD () C:\Sandbox
2014-07-14 16:27 - 2014-07-14 16:28 - 00000085 _____ () C:\Users\Stefano\Desktop\mp3val-frontend.ini
2014-07-12 19:37 - 2014-07-12 19:45 - 00000000 __HDC () C:\ProgramData\{46016C81-6B2A-48A6-9AD7-5E4749FFDC18}
2014-07-12 14:58 - 2014-07-12 15:17 - 02883998 _____ () C:\Users\Stefano\Downloads\AGB_323_fs_kernel_mod_1.1.zip
2014-07-12 14:58 - 2014-07-12 15:17 - 02716624 _____ () C:\Users\Stefano\Downloads\USR_AGB_260207_2352.zip
2014-07-12 14:58 - 2014-07-12 15:17 - 01490862 _____ () C:\Users\Stefano\Downloads\AGB_323_fs_kernel_psiclear.zip
2014-07-12 14:50 - 2014-07-12 14:50 - 00002233 _____ () C:\Users\Stefano\Downloads\md5.h
2014-07-12 12:39 - 2014-07-14 08:57 - 00001580 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-12 12:39 - 2014-07-12 12:36 - 00000918 _____ () C:\Users\Stefano\Desktop\Browser Web nell'area virtuale.lnk
2014-07-12 12:37 - 2014-07-12 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-12 12:36 - 2014-07-12 12:36 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Stefano\Downloads\SandboxieInstall.exe
2014-07-12 12:36 - 2014-07-12 12:36 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Stefano\Downloads\SandboxieInstall(1).exe
2014-07-12 12:36 - 2014-07-12 12:36 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-12 11:46 - 2014-07-12 11:45 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 11:41 - 2014-07-12 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-12 11:41 - 2014-07-12 11:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-12 11:20 - 2014-07-12 11:20 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\AVAST Software
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-12 11:19 - 2014-07-12 11:20 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-12 11:19 - 2014-07-12 11:20 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-12 11:19 - 2014-07-12 11:19 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-12 11:19 - 2014-07-12 11:19 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-12 11:19 - 2014-07-12 11:19 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-12 11:18 - 2014-07-12 11:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-12 11:17 - 2014-07-12 11:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-12 11:17 - 2014-07-12 11:17 - 04862664 _____ (AVAST Software) C:\Users\Stefano\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 11:12 - 2014-07-12 11:12 - 05218570 _____ (Swearware) C:\Users\Stefano\Downloads\ComboFix.exe
2014-07-12 11:11 - 2014-07-12 11:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 11:10 - 2014-07-12 11:17 - 00000000 ____D () C:\Users\Stefano\Desktop\mbar
2014-07-12 10:59 - 2014-07-12 10:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Stefano\Downloads\mbar-1.07.0.1012.exe
2014-07-12 10:56 - 2014-07-12 10:56 - 05185536 _____ (AVAST Software) C:\Users\Stefano\Downloads\aswmbr.exe
2014-07-12 10:54 - 2014-07-12 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 10:53 - 2014-07-12 10:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefano\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-12 10:53 - 2014-07-12 10:53 - 00380416 _____ () C:\Users\Stefano\Downloads\ubsqhbvr.exe
2014-07-12 10:51 - 2014-07-12 10:51 - 00000870 _____ () C:\Users\Stefano\Desktop\pc simone.txt
2014-07-11 23:39 - 2014-07-11 23:41 - 25422164 _____ () C:\Users\Stefano\Downloads\FL Studio Series #01 - Big Room & Dirtyzip.zip
2014-07-11 23:39 - 2014-07-11 23:41 - 25059097 _____ () C:\Users\Stefano\Downloads\FL Studio Series #04 - Progressive House.zip
2014-07-11 23:39 - 2014-07-11 23:40 - 16909132 _____ () C:\Users\Stefano\Downloads\FL Studio Series #02 Big Room..zip
2014-07-11 23:20 - 2014-07-11 23:20 - 18041738 _____ () C:\Users\Stefano\Downloads\Dimitri Vangelis & Wyman X Steve Angello - Payback.zip
2014-07-11 23:20 - 2014-07-11 23:20 - 13283829 _____ () C:\Users\Stefano\Downloads\Clean Bandit - Rather Be feat. Jess Glynne (Merk & Kremont Remix).zip
2014-07-11 23:19 - 2014-07-11 23:20 - 28987554 _____ () C:\Users\Stefano\Downloads\Lush & Simon - Hunter.zip
2014-07-11 23:15 - 2014-07-11 23:15 - 23676502 _____ () C:\Users\Stefano\Downloads\Dubvision - Backlash (martin garrix edit).zip
2014-07-10 13:23 - 2014-07-10 13:39 - 1830651904 _____ () C:\Users\Stefano\Downloads\backbox-3.13-amd64.iso
2014-07-10 13:07 - 2014-07-10 13:10 - 123787854 _____ () C:\Users\Stefano\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc.zip
2014-07-10 13:02 - 2014-07-10 13:06 - 145417920 _____ (Intel Corporation) C:\Users\Stefano\Downloads\Win64_152822.exe
2014-07-10 13:01 - 2014-07-10 13:01 - 02257338 _____ () C:\Users\Stefano\Downloads\win81-10.0.0.274-whql.zip
2014-07-10 12:57 - 2014-07-10 12:57 - 05839092 _____ () C:\Users\Stefano\Downloads\USB_Fresco_Win8_64_Z35730.zip
2014-07-10 12:53 - 2014-07-10 12:55 - 246695752 _____ (NVIDIA Corporation) C:\Users\Stefano\Downloads\327.23-notebook-win8-win7-64bit-international-whql.exe
2014-07-10 12:47 - 2014-07-10 12:48 - 104757922 _____ () C:\Users\Stefano\Downloads\Bluetooth_AW_NB037_Win7_32_Win7_64_Z72065.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 02089740 _____ () C:\Users\Stefano\Downloads\WLAN_Atheros_PNP_Win7_64_Z920458.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 00395314 _____ () C:\Users\Stefano\Downloads\IRST_Win7_64_Z10101008.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 00165346 _____ () C:\Users\Stefano\Downloads\KBFilter_WIN7_64_1003.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 11119260 _____ () C:\Users\Stefano\Downloads\Power4Gear_Hybrid_Win7_64_Z1144.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 08213187 _____ () C:\Users\Stefano\Downloads\ATKPackage_Win7_64_z100008.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 07213471 _____ () C:\Users\Stefano\Downloads\Touchpad_Elantech_Win7_64_z70516.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 02550688 _____ () C:\Users\Stefano\Downloads\USB_Fresco_Win7_64_Z301163.zip
2014-07-10 12:45 - 2014-07-10 12:45 - 08429031 _____ () C:\Users\Stefano\Downloads\CardReader_Alcor_WIN7_32_WIN7_64_z181726026.zip
2014-07-10 12:45 - 2014-07-10 12:45 - 05745288 _____ () C:\Users\Stefano\Downloads\LAN_Realtek_Win7_64_Z7412162011.zip
2014-07-10 12:44 - 2014-07-10 12:45 - 87318517 _____ () C:\Users\Stefano\Downloads\Audio_Realtek_Win7_64_Z6016334.zip
2014-07-10 12:44 - 2014-07-10 12:44 - 02609804 _____ () C:\Users\Stefano\Downloads\Chipset_Intel_INFUpdate_Win7_32_64_Z9201021.zip
2014-07-09 21:42 - 2014-07-11 11:58 - 00000281 _____ () C:\Users\Stefano\Desktop\Set Sage PVP.txt
2014-07-09 17:32 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 16:03 - 2014-07-09 16:03 - 00057882 _____ () C:\Users\Stefano\Downloads\jspkg-archive.zip
2014-07-09 16:03 - 2014-01-02 09:01 - 00058666 _____ () C:\Users\Stefano\Desktop\jquery.dynatable.js
2014-07-09 16:03 - 2014-01-02 09:01 - 00001100 _____ () C:\Users\Stefano\Desktop\jquery.dynatable.css
2014-07-09 13:36 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 13:36 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 13:36 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 13:36 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 13:36 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 13:36 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 13:36 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 13:36 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 13:36 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 13:36 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 13:35 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 13:35 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 13:35 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 13:35 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 13:35 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 13:35 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 13:35 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 13:35 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 13:35 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 13:35 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 13:35 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 13:35 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 13:35 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 13:35 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 13:35 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 13:35 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 13:35 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 13:35 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 13:35 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 13:35 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 13:35 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 13:35 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 13:35 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 13:35 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 13:35 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 13:35 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 13:35 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 13:35 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 13:35 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 13:35 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 13:35 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 13:35 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 13:35 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 13:35 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:35 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 13:35 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 13:35 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:35 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 13:35 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 13:35 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 13:35 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 13:35 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 13:35 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 13:35 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 13:29 - 2014-07-09 13:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 20:12 - 2014-07-08 20:12 - 00015330 _____ () C:\Users\Stefano\Downloads\Dubvision-Backlash-Martin-Garrix-Edit-Decoy-2-20140702194847-nonstop2k.com.mid
2014-07-06 21:51 - 2012-06-01 16:27 - 00406901 _____ () C:\Users\Stefano\Desktop\Call Me Maybe_.vsqx
2014-07-06 21:50 - 2014-07-06 21:50 - 00281276 _____ () C:\Users\Stefano\Downloads\Alice.vsq
2014-07-06 21:36 - 2014-07-06 21:57 - 00000000 ___HD () C:\Users\Stefano\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
2014-07-06 21:36 - 2014-07-06 21:36 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\VOCALOID3
2014-07-06 21:36 - 2014-07-06 21:36 - 00000000 ____D () C:\Users\Stefano\AppData\Local\VOCALOID3
2014-07-06 21:32 - 2014-07-06 21:32 - 00000887 _____ () C:\Users\Stefano\Desktop\Vocaloid3FE.lnk
2014-07-06 21:32 - 2014-07-06 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocaloid3FE
2014-07-02 22:48 - 2014-07-02 22:48 - 00000264 _____ () C:\Users\Stefano\Downloads\SoldiLC.java
2014-07-01 12:19 - 2014-07-01 12:19 - 00000000 ____D () C:\Users\Stefano\Desktop\jBox-master
2014-07-01 12:09 - 2014-07-01 12:09 - 00000000 ____D () C:\Users\Stefano\Desktop\lib-mbox
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 ____D () C:\Users\Stefano\Desktop\sDashboard-master
2014-07-01 11:21 - 2014-03-12 18:50 - 00294250 _____ () C:\Users\Stefano\Desktop\w2ui-1.3.2.min.js
2014-07-01 11:21 - 2014-03-12 18:50 - 00071139 _____ () C:\Users\Stefano\Desktop\w2ui-1.3.2.min.css
2014-07-01 00:11 - 2014-07-01 00:11 - 00000000 ____D () C:\Users\Stefano\Desktop\mixitup-master
2014-06-30 20:29 - 2014-05-18 09:33 - 00014696 _____ () C:\Users\Stefano\Desktop\jquery.gridly.js
2014-06-30 20:29 - 2013-07-25 07:52 - 00000263 _____ () C:\Users\Stefano\Desktop\jquery.gridly.css
2014-06-30 19:42 - 2014-06-25 23:24 - 00042899 _____ () C:\Users\Stefano\Desktop\jquery.gridster.min.js
2014-06-30 19:42 - 2014-06-25 23:24 - 00003030 _____ () C:\Users\Stefano\Desktop\jquery.gridster.min.css
2014-06-30 19:02 - 2014-06-30 19:03 - 89884036 _____ () C:\Users\Stefano\Desktop\how you love me - master_5.wav
2014-06-28 18:12 - 2014-06-28 18:12 - 00021694 _____ () C:\Users\Stefano\Downloads\Porter-Robinson-Sad-Machine-Huntroxic-20140518122826-nonstop2k.com.mid
2014-06-28 18:06 - 2014-07-16 20:26 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Mp3tag
2014-06-28 18:04 - 2014-06-28 18:04 - 02672232 _____ () C:\Users\Stefano\Downloads\mp3tagv260setup.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-06-25 18:50 - 2014-06-25 18:50 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-06-25 18:49 - 2014-06-25 18:49 - 06404096 _____ () C:\Users\Stefano\Downloads\mysql-connector-java-gpl-5.1.31.msi
2014-06-25 15:39 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Stefano\.netbeans-derby
2014-06-25 13:31 - 2014-06-25 13:31 - 00000000 ____H () C:\Users\Stefano\Documents\Default.rdp
2014-06-25 11:27 - 2014-06-25 11:28 - 39917641 _____ (Hervé Leclerc (HeL) ) C:\Users\Stefano\Downloads\wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-32b.exe
2014-06-24 21:56 - 2014-06-24 21:58 - 44742589 _____ () C:\Users\Stefano\Downloads\WAVE PIANO REMIX STEFANO.rar
2014-06-24 12:15 - 2014-06-24 12:15 - 00000866 _____ () C:\WINDOWS\setupact.log
2014-06-24 12:15 - 2014-06-24 12:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-23 17:40 - 2014-06-23 17:40 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zplane
2014-06-23 10:10 - 2014-07-18 14:05 - 01150460 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-23 10:08 - 2014-07-12 15:40 - 00001758 _____ () C:\WINDOWS\PFRO.log
2014-06-21 20:50 - 2014-06-21 20:51 - 09740168 _____ () C:\Users\Stefano\Downloads\com.buzzpia.aqua.launcher.apk
2014-06-21 19:16 - 2014-06-21 19:16 - 00035137 _____ () C:\Users\Stefano\Downloads\Quick_Boot_4.1.apk
2014-06-21 19:05 - 2014-06-21 19:05 - 02495349 _____ () C:\Users\Stefano\Downloads\RootBrowserFree-v1.4.0.apk
2014-06-21 19:01 - 2014-06-21 19:01 - 01451541 _____ () C:\Users\Stefano\Downloads\ukf20.apk
2014-06-21 18:04 - 2014-06-21 18:42 - 470877406 _____ () C:\Users\Stefano\Downloads\I9070PXXLPD_I9070PDBTLPD_DBT.zip
2014-06-21 16:59 - 2014-06-21 17:12 - 1254346403 _____ () C:\Users\Stefano\Downloads\I9070PXXLK4-VDHLE1.ZIP
2014-06-21 15:34 - 2014-06-21 15:34 - 03993673 _____ () C:\Users\Stefano\Downloads\recovery-clockwork-5.5.0.4-ariesve.tar.md5
2014-06-21 15:24 - 2014-06-21 15:24 - 00974511 _____ () C:\Users\Stefano\Downloads\odin.zip
2014-06-21 15:21 - 2014-06-21 15:21 - 01439353 _____ () C:\Users\Stefano\Downloads\root.zip
2014-06-21 15:11 - 2014-06-21 15:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-20 21:51 - 2014-06-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-06-20 21:51 - 2014-06-20 21:51 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-06-20 21:51 - 2013-12-01 14:10 - 00257624 _____ () C:\WINDOWS\system32\unrar64.dll
2014-06-20 21:51 - 2013-12-01 14:10 - 00218200 _____ () C:\WINDOWS\SysWOW64\unrar.dll
2014-06-20 21:50 - 2014-06-20 21:50 - 18298279 _____ ( ) C:\Users\Stefano\Downloads\K-Lite_Codec_Pack_1055_Standard.exe
2014-06-19 12:02 - 2014-06-19 12:02 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\TeamViewer
2014-06-19 11:22 - 2014-06-19 11:23 - 30826464 _____ (InfoCert S.p.A ) C:\Users\Stefano\Downloads\Dike 5.5.0.exe

==================== One Month Modified Files and Folders =======

2014-07-18 17:13 - 2014-07-18 17:12 - 00035753 _____ () C:\Users\Stefano\Desktop\FRST.txt
2014-07-18 17:13 - 2014-07-18 17:12 - 00000000 ____D () C:\FRST
2014-07-18 17:12 - 2014-05-11 16:52 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\uTorrent
2014-07-18 17:11 - 2014-07-18 17:11 - 02086912 _____ (Farbar) C:\Users\Stefano\Desktop\FRST64.exe
2014-07-18 17:11 - 2014-07-18 17:04 - 00000000 ____D () C:\AdwCleaner
2014-07-18 17:04 - 2014-05-11 16:47 - 00000978 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-18 17:03 - 2014-07-18 17:03 - 01354223 _____ () C:\Users\Stefano\Desktop\adwcleaner_3.216.exe
2014-07-18 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-18 16:46 - 2014-05-11 16:35 - 00001174 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 14:05 - 2014-06-23 10:10 - 01150460 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-18 13:55 - 2014-05-11 16:48 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-18 13:41 - 2014-03-18 11:53 - 01923712 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-18 13:41 - 2014-03-18 11:25 - 00842492 _____ () C:\WINDOWS\system32\perfh010.dat
2014-07-18 13:41 - 2014-03-18 11:25 - 00174514 _____ () C:\WINDOWS\system32\perfc010.dat
2014-07-18 13:40 - 2014-05-11 13:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4111190891-2693242929-372597044-1001
2014-07-18 13:38 - 2014-05-13 18:28 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Adobe
2014-07-18 13:37 - 2014-05-11 13:52 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Dropbox
2014-07-18 13:36 - 2014-07-18 13:36 - 00003048 _____ () C:\WINDOWS\System32\Tasks\AsrKM
2014-07-18 13:36 - 2014-05-17 18:39 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-07-18 13:36 - 2014-05-11 16:35 - 00001170 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 13:35 - 2014-05-11 16:29 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\DropboxMaster
2014-07-18 13:35 - 2014-05-11 16:08 - 00000000 __RDO () C:\Users\Stefano\OneDrive
2014-07-18 13:34 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 20:41 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-17 20:34 - 2014-07-17 20:34 - 17050168 _____ (Focusrite Audio Engineering Ltd. ) C:\Users\Stefano\Downloads\vrm-box-1.4.exe
2014-07-17 18:25 - 2014-07-17 18:25 - 00024421 _____ () C:\Users\Stefano\Downloads\Porter-Robinson-Urban-Cone-Lionhearted-Huntroxic-20140624182051-nonstop2k.com.mid
2014-07-16 20:26 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Mp3tag
2014-07-16 17:52 - 2014-05-13 19:13 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Audacity
2014-07-16 17:27 - 2014-07-16 17:15 - 36514762 _____ () C:\Users\Stefano\Downloads\PRLR.zip
2014-07-16 16:13 - 2014-05-16 20:38 - 00001456 _____ () C:\Users\Stefano\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-16 11:58 - 2014-07-16 11:58 - 17574778 _____ (RubyInstaller Team ) C:\Users\Stefano\Downloads\rubyinstaller-2.0.0-p481-x64.exe
2014-07-16 11:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-15 23:33 - 2014-07-15 21:11 - 00000000 ____D () C:\Users\Stefano\Desktop\WP8
2014-07-15 22:39 - 2014-05-13 20:50 - 00000000 ____D () C:\Users\Stefano\Documents\NetBeansProjects
2014-07-15 22:37 - 2014-07-15 22:37 - 00000000 ____D () C:\Users\Stefano\Desktop\google-cloud-sdk
2014-07-15 22:31 - 2014-07-15 22:23 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\gcloud
2014-07-15 22:26 - 2014-07-15 22:26 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK
2014-07-15 22:22 - 2014-07-15 22:22 - 00000000 ____D () C:\python27_x64
2014-07-15 22:22 - 2014-07-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-07-15 22:21 - 2014-07-15 22:21 - 00000000 ____D () C:\Program Files\Google
2014-07-15 22:20 - 2014-07-15 22:20 - 00715304 _____ () C:\Users\Stefano\Downloads\GoogleCloudSDKInstaller.exe
2014-07-15 22:05 - 2014-07-15 22:05 - 32454608 _____ ( ) C:\Users\Stefano\Downloads\heroku-toolbelt.exe
2014-07-15 22:04 - 2014-06-09 11:19 - 00000000 ____D () C:\Users\Stefano\AppData\Local\GitHub
2014-07-15 22:04 - 2014-05-13 21:27 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Deployment
2014-07-15 22:03 - 2014-06-09 11:19 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\GitHub
2014-07-15 21:42 - 2014-07-15 21:30 - 00001758 _____ () C:\Users\Stefano\Desktop\push.txt
2014-07-15 20:26 - 2014-07-15 17:31 - 00000000 ____D () C:\Users\Stefano\Documents\Librerie WP
2014-07-15 18:15 - 2014-07-15 18:15 - 00297387 _____ () C:\Users\Stefano\Downloads\jsoup-1.7.3.jar
2014-07-15 18:15 - 2014-05-13 20:44 - 00000000 ____D () C:\Users\Stefano\Documents\Librerie JAVA
2014-07-15 18:14 - 2014-07-15 18:13 - 00111603 _____ () C:\Users\Stefano\Desktop\africa.html
2014-07-15 17:34 - 2014-07-15 17:34 - 00000000 ____D () C:\Users\Stefano\Desktop\App42_CustomCode_Sample-master
2014-07-15 17:31 - 2014-07-15 17:31 - 00000000 ____D () C:\Users\Stefano\Downloads\Nuova cartella
2014-07-15 17:31 - 2014-05-16 12:55 - 00000000 ____D () C:\Users\Stefano\Documents\Visual Studio 2013
2014-07-15 17:29 - 2014-07-15 17:29 - 01603127 _____ () C:\Users\Stefano\Downloads\App42_WINDOWS_SDK-master.zip
2014-07-15 11:45 - 2014-07-15 11:45 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 11:45 - 2014-07-15 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 18:18 - 2014-07-14 17:52 - 00012619 _____ () C:\Users\Stefano\Downloads\hijackthis.log
2014-07-14 17:52 - 2014-07-14 17:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stefano\Downloads\HijackThis.exe
2014-07-14 17:52 - 2014-05-11 13:03 - 00000000 ____D () C:\Users\Stefano\AppData\Local\VirtualStore
2014-07-14 17:50 - 2014-07-14 17:50 - 00688992 _____ (Swearware) C:\Users\Stefano\Downloads\dds.com
2014-07-14 17:46 - 2014-07-14 17:46 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Stefano\Downloads\tdsskiller.exe
2014-07-14 16:30 - 2014-07-14 16:30 - 01428552 _____ (Markus Stein ) C:\Users\Stefano\Downloads\MP3Test_v1.7.0.172.exe
2014-07-14 16:30 - 2014-07-14 16:30 - 00000000 ___RD () C:\Sandbox
2014-07-14 16:28 - 2014-07-14 16:27 - 00000085 _____ () C:\Users\Stefano\Desktop\mp3val-frontend.ini
2014-07-14 08:57 - 2014-07-12 12:39 - 00001580 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-13 20:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 17:27 - 2014-05-12 23:34 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\KeePass
2014-07-13 14:04 - 2014-05-11 16:34 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-13 13:53 - 2014-05-14 19:16 - 00109056 ___SH () C:\Users\Stefano\Downloads\Thumbs.db
2014-07-13 13:39 - 2014-05-16 22:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 20:12 - 2014-05-12 21:30 - 00193024 ___SH () C:\Users\Stefano\Desktop\Thumbs.db
2014-07-12 19:45 - 2014-07-12 19:37 - 00000000 __HDC () C:\ProgramData\{46016C81-6B2A-48A6-9AD7-5E4749FFDC18}
2014-07-12 19:45 - 2014-05-22 16:21 - 00000000 ____D () C:\Program Files\Native Instruments
2014-07-12 19:45 - 2014-05-22 16:21 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-07-12 19:45 - 2014-05-13 20:45 - 00000000 ____D () C:\Users\Stefano\Documents\Native Instruments
2014-07-12 19:37 - 2014-05-11 16:50 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\DAEMON Tools Lite
2014-07-12 17:50 - 2014-06-09 11:33 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Aptana Studio 3
2014-07-12 15:40 - 2014-06-23 10:08 - 00001758 _____ () C:\WINDOWS\PFRO.log
2014-07-12 15:17 - 2014-07-12 14:58 - 02883998 _____ () C:\Users\Stefano\Downloads\AGB_323_fs_kernel_mod_1.1.zip
2014-07-12 15:17 - 2014-07-12 14:58 - 02716624 _____ () C:\Users\Stefano\Downloads\USR_AGB_260207_2352.zip
2014-07-12 15:17 - 2014-07-12 14:58 - 01490862 _____ () C:\Users\Stefano\Downloads\AGB_323_fs_kernel_psiclear.zip
2014-07-12 14:50 - 2014-07-12 14:50 - 00002233 _____ () C:\Users\Stefano\Downloads\md5.h
2014-07-12 12:37 - 2014-07-12 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-12 12:36 - 2014-07-12 12:39 - 00000918 _____ () C:\Users\Stefano\Desktop\Browser Web nell'area virtuale.lnk
2014-07-12 12:36 - 2014-07-12 12:36 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Stefano\Downloads\SandboxieInstall.exe
2014-07-12 12:36 - 2014-07-12 12:36 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Stefano\Downloads\SandboxieInstall(1).exe
2014-07-12 12:36 - 2014-07-12 12:36 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-12 11:45 - 2014-07-12 11:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 11:41 - 2014-07-12 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-12 11:41 - 2014-07-12 11:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-12 11:20 - 2014-07-12 11:20 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\AVAST Software
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-12 11:20 - 2014-07-12 11:19 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-12 11:20 - 2014-07-12 11:19 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-12 11:19 - 2014-07-12 11:19 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-12 11:19 - 2014-07-12 11:19 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-12 11:19 - 2014-07-12 11:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-12 11:19 - 2014-07-12 11:19 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-12 11:18 - 2014-07-12 11:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-12 11:18 - 2014-07-12 11:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-12 11:17 - 2014-07-12 11:17 - 04862664 _____ (AVAST Software) C:\Users\Stefano\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 11:17 - 2014-07-12 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 11:17 - 2014-07-12 11:10 - 00000000 ____D () C:\Users\Stefano\Desktop\mbar
2014-07-12 11:12 - 2014-07-12 11:12 - 05218570 _____ (Swearware) C:\Users\Stefano\Downloads\ComboFix.exe
2014-07-12 10:59 - 2014-07-12 10:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Stefano\Downloads\mbar-1.07.0.1012.exe
2014-07-12 10:56 - 2014-07-12 10:56 - 05185536 _____ (AVAST Software) C:\Users\Stefano\Downloads\aswmbr.exe
2014-07-12 10:54 - 2014-07-12 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 10:54 - 2014-07-12 10:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefano\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-12 10:53 - 2014-07-12 10:53 - 00380416 _____ () C:\Users\Stefano\Downloads\ubsqhbvr.exe
2014-07-12 10:51 - 2014-07-12 10:51 - 00000870 _____ () C:\Users\Stefano\Desktop\pc simone.txt
2014-07-11 23:41 - 2014-07-11 23:39 - 25422164 _____ () C:\Users\Stefano\Downloads\FL Studio Series #01 - Big Room & Dirtyzip.zip
2014-07-11 23:41 - 2014-07-11 23:39 - 25059097 _____ () C:\Users\Stefano\Downloads\FL Studio Series #04 - Progressive House.zip
2014-07-11 23:40 - 2014-07-11 23:39 - 16909132 _____ () C:\Users\Stefano\Downloads\FL Studio Series #02 Big Room..zip
2014-07-11 23:20 - 2014-07-11 23:20 - 18041738 _____ () C:\Users\Stefano\Downloads\Dimitri Vangelis & Wyman X Steve Angello - Payback.zip
2014-07-11 23:20 - 2014-07-11 23:20 - 13283829 _____ () C:\Users\Stefano\Downloads\Clean Bandit - Rather Be feat. Jess Glynne (Merk & Kremont Remix).zip
2014-07-11 23:20 - 2014-07-11 23:19 - 28987554 _____ () C:\Users\Stefano\Downloads\Lush & Simon - Hunter.zip
2014-07-11 23:15 - 2014-07-11 23:15 - 23676502 _____ () C:\Users\Stefano\Downloads\Dubvision - Backlash (martin garrix edit).zip
2014-07-11 11:58 - 2014-07-09 21:42 - 00000281 _____ () C:\Users\Stefano\Desktop\Set Sage PVP.txt
2014-07-11 00:36 - 2014-05-11 17:03 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\TS3Client
2014-07-10 16:20 - 2014-05-11 16:02 - 00000000 ____D () C:\Users\Stefano
2014-07-10 13:39 - 2014-07-10 13:23 - 1830651904 _____ () C:\Users\Stefano\Downloads\backbox-3.13-amd64.iso
2014-07-10 13:10 - 2014-07-10 13:07 - 123787854 _____ () C:\Users\Stefano\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc.zip
2014-07-10 13:06 - 2014-07-10 13:02 - 145417920 _____ (Intel Corporation) C:\Users\Stefano\Downloads\Win64_152822.exe
2014-07-10 13:01 - 2014-07-10 13:01 - 02257338 _____ () C:\Users\Stefano\Downloads\win81-10.0.0.274-whql.zip
2014-07-10 12:57 - 2014-07-10 12:57 - 05839092 _____ () C:\Users\Stefano\Downloads\USB_Fresco_Win8_64_Z35730.zip
2014-07-10 12:55 - 2014-07-10 12:53 - 246695752 _____ (NVIDIA Corporation) C:\Users\Stefano\Downloads\327.23-notebook-win8-win7-64bit-international-whql.exe
2014-07-10 12:48 - 2014-07-10 12:47 - 104757922 _____ () C:\Users\Stefano\Downloads\Bluetooth_AW_NB037_Win7_32_Win7_64_Z72065.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 02089740 _____ () C:\Users\Stefano\Downloads\WLAN_Atheros_PNP_Win7_64_Z920458.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 00395314 _____ () C:\Users\Stefano\Downloads\IRST_Win7_64_Z10101008.zip
2014-07-10 12:47 - 2014-07-10 12:47 - 00165346 _____ () C:\Users\Stefano\Downloads\KBFilter_WIN7_64_1003.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 11119260 _____ () C:\Users\Stefano\Downloads\Power4Gear_Hybrid_Win7_64_Z1144.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 08213187 _____ () C:\Users\Stefano\Downloads\ATKPackage_Win7_64_z100008.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 07213471 _____ () C:\Users\Stefano\Downloads\Touchpad_Elantech_Win7_64_z70516.zip
2014-07-10 12:46 - 2014-07-10 12:46 - 02550688 _____ () C:\Users\Stefano\Downloads\USB_Fresco_Win7_64_Z301163.zip
2014-07-10 12:45 - 2014-07-10 12:45 - 08429031 _____ () C:\Users\Stefano\Downloads\CardReader_Alcor_WIN7_32_WIN7_64_z181726026.zip
2014-07-10 12:45 - 2014-07-10 12:45 - 05745288 _____ () C:\Users\Stefano\Downloads\LAN_Realtek_Win7_64_Z7412162011.zip
2014-07-10 12:45 - 2014-07-10 12:44 - 87318517 _____ () C:\Users\Stefano\Downloads\Audio_Realtek_Win7_64_Z6016334.zip
2014-07-10 12:44 - 2014-07-10 12:44 - 02609804 _____ () C:\Users\Stefano\Downloads\Chipset_Intel_INFUpdate_Win7_32_64_Z9201021.zip
2014-07-10 10:38 - 2013-08-22 16:44 - 05054752 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 23:51 - 2014-03-18 11:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 23:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 23:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 23:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 23:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 17:35 - 2014-05-11 14:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 17:35 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 17:34 - 2014-05-11 14:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 16:03 - 2014-07-09 16:03 - 00057882 _____ () C:\Users\Stefano\Downloads\jspkg-archive.zip
2014-07-09 15:39 - 2014-06-09 11:22 - 00000000 ____D () C:\Users\Stefano\Documents\GitHub
2014-07-09 13:29 - 2014-07-09 13:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 20:12 - 2014-07-08 20:12 - 00015330 _____ () C:\Users\Stefano\Downloads\Dubvision-Backlash-Martin-Garrix-Edit-Decoy-2-20140702194847-nonstop2k.com.mid
2014-07-08 19:04 - 2014-05-11 16:47 - 00003866 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-06 21:57 - 2014-07-06 21:36 - 00000000 ___HD () C:\Users\Stefano\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
2014-07-06 21:50 - 2014-07-06 21:50 - 00281276 _____ () C:\Users\Stefano\Downloads\Alice.vsq
2014-07-06 21:36 - 2014-07-06 21:36 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\VOCALOID3
2014-07-06 21:36 - 2014-07-06 21:36 - 00000000 ____D () C:\Users\Stefano\AppData\Local\VOCALOID3
2014-07-06 21:32 - 2014-07-06 21:32 - 00000887 _____ () C:\Users\Stefano\Desktop\Vocaloid3FE.lnk
2014-07-06 21:32 - 2014-07-06 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocaloid3FE
2014-07-03 00:04 - 2014-05-11 13:03 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Packages
2014-07-02 22:48 - 2014-07-02 22:48 - 00000264 _____ () C:\Users\Stefano\Downloads\SoldiLC.java
2014-07-02 14:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-01 12:19 - 2014-07-01 12:19 - 00000000 ____D () C:\Users\Stefano\Desktop\jBox-master
2014-07-01 12:09 - 2014-07-01 12:09 - 00000000 ____D () C:\Users\Stefano\Desktop\lib-mbox
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 ____D () C:\Users\Stefano\Desktop\sDashboard-master
2014-07-01 00:11 - 2014-07-01 00:11 - 00000000 ____D () C:\Users\Stefano\Desktop\mixitup-master
2014-06-30 19:03 - 2014-06-30 19:02 - 89884036 _____ () C:\Users\Stefano\Desktop\how you love me - master_5.wav
2014-06-29 16:47 - 2014-05-24 18:49 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Spotify
2014-06-28 18:12 - 2014-06-28 18:12 - 00021694 _____ () C:\Users\Stefano\Downloads\Porter-Robinson-Sad-Machine-Huntroxic-20140518122826-nonstop2k.com.mid
2014-06-28 18:04 - 2014-06-28 18:04 - 02672232 _____ () C:\Users\Stefano\Downloads\mp3tagv260setup.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 20:18 - 2014-05-30 14:31 - 00000000 ____D () C:\ProgramData\Origin
2014-06-26 20:17 - 2014-05-30 14:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-26 11:09 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Telegram Win (Unofficial)
2014-06-26 11:08 - 2014-05-11 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2014-06-26 11:08 - 2014-05-11 13:15 - 00000000 ____D () C:\Program Files (x86)\ASRock Utility
2014-06-25 23:24 - 2014-06-30 19:42 - 00042899 _____ () C:\Users\Stefano\Desktop\jquery.gridster.min.js
2014-06-25 23:24 - 2014-06-30 19:42 - 00003030 _____ () C:\Users\Stefano\Desktop\jquery.gridster.min.css
2014-06-25 18:50 - 2014-06-25 18:50 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-06-25 18:49 - 2014-06-25 18:49 - 06404096 _____ () C:\Users\Stefano\Downloads\mysql-connector-java-gpl-5.1.31.msi
2014-06-25 16:07 - 2014-06-25 15:39 - 00000000 ____D () C:\Users\Stefano\.netbeans-derby
2014-06-25 15:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-06-25 13:31 - 2014-06-25 13:31 - 00000000 ____H () C:\Users\Stefano\Documents\Default.rdp
2014-06-25 11:28 - 2014-06-25 11:27 - 39917641 _____ (Hervé Leclerc (HeL) ) C:\Users\Stefano\Downloads\wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-32b.exe
2014-06-24 21:58 - 2014-06-24 21:56 - 44742589 _____ () C:\Users\Stefano\Downloads\WAVE PIANO REMIX STEFANO.rar
2014-06-24 12:15 - 2014-06-24 12:15 - 00000866 _____ () C:\WINDOWS\setupact.log
2014-06-24 12:15 - 2014-06-24 12:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-24 10:56 - 2014-05-24 18:55 - 00000141 _____ () C:\Users\Stefano\Desktop\Options.ini
2014-06-23 18:56 - 2014-05-24 18:50 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Spotify
2014-06-23 17:40 - 2014-06-23 17:40 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zplane
2014-06-23 14:43 - 2014-06-07 14:56 - 00290184 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-06-23 14:43 - 2014-05-31 15:59 - 00290184 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-06-23 14:43 - 2014-05-31 15:59 - 00280904 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-06-21 20:51 - 2014-06-21 20:50 - 09740168 _____ () C:\Users\Stefano\Downloads\com.buzzpia.aqua.launcher.apk
2014-06-21 19:16 - 2014-06-21 19:16 - 00035137 _____ () C:\Users\Stefano\Downloads\Quick_Boot_4.1.apk
2014-06-21 19:05 - 2014-06-21 19:05 - 02495349 _____ () C:\Users\Stefano\Downloads\RootBrowserFree-v1.4.0.apk
2014-06-21 19:01 - 2014-06-21 19:01 - 01451541 _____ () C:\Users\Stefano\Downloads\ukf20.apk
2014-06-21 18:42 - 2014-06-21 18:04 - 470877406 _____ () C:\Users\Stefano\Downloads\I9070PXXLPD_I9070PDBTLPD_DBT.zip
2014-06-21 17:12 - 2014-06-21 16:59 - 1254346403 _____ () C:\Users\Stefano\Downloads\I9070PXXLK4-VDHLE1.ZIP
2014-06-21 15:34 - 2014-06-21 15:34 - 03993673 _____ () C:\Users\Stefano\Downloads\recovery-clockwork-5.5.0.4-ariesve.tar.md5
2014-06-21 15:24 - 2014-06-21 15:24 - 00974511 _____ () C:\Users\Stefano\Downloads\odin.zip
2014-06-21 15:21 - 2014-06-21 15:21 - 01439353 _____ () C:\Users\Stefano\Downloads\root.zip
2014-06-21 15:11 - 2014-06-21 15:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-20 21:51 - 2014-06-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-06-20 21:51 - 2014-06-20 21:51 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-06-20 21:50 - 2014-06-20 21:50 - 18298279 _____ ( ) C:\Users\Stefano\Downloads\K-Lite_Codec_Pack_1055_Standard.exe
2014-06-20 11:33 - 2014-05-16 22:21 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Microsoft Help
2014-06-20 00:31 - 2014-06-11 22:35 - 00000000 ____D () C:\Users\Stefano\AppData\Local\Overwolf
2014-06-19 14:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-19 14:25 - 2014-05-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 12:02 - 2014-06-19 12:02 - 00000000 ____D () C:\Users\Stefano\AppData\Roaming\TeamViewer
2014-06-19 11:23 - 2014-06-19 11:22 - 30826464 _____ (InfoCert S.p.A ) C:\Users\Stefano\Downloads\Dike 5.5.0.exe
2014-06-19 10:59 - 2014-05-11 13:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 10:31 - 2014-05-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 03:39 - 2014-07-09 13:35 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 02:48 - 2014-07-09 13:35 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 02:16 - 2014-07-09 13:35 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:09 - 2014-07-09 13:35 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 01:51 - 2014-07-09 13:35 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 13:35 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 13:35 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 01:46 - 2014-07-09 13:35 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 01:39 - 2014-07-09 13:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 01:33 - 2014-07-09 13:35 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 13:35 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 01:27 - 2014-07-09 13:35 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 01:12 - 2014-07-09 13:35 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 13:35 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 13:35 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 13:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 00:57 - 2014-07-09 13:35 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 00:52 - 2014-07-09 13:35 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 13:35 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 13:35 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 00:45 - 2014-07-09 13:35 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 13:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 13:35 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 13:35 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 13:35 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 13:35 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 13:35 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-18 17:02 - 2014-06-18 17:02 - 00004608 _____ () C:\WINDOWS\SECOH-QAD.exe
2014-06-18 17:02 - 2014-06-18 17:02 - 00003708 _____ () C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2014-06-18 17:02 - 2014-06-18 17:02 - 00003584 _____ () C:\WINDOWS\SECOH-QAD.dll
2014-06-18 17:02 - 2014-06-18 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-06-18 17:02 - 2014-06-18 17:02 - 00000000 ____D () C:\Program Files\KMSpico
2014-06-18 12:42 - 2014-06-18 12:42 - 00000000 ____D () C:\Users\Stefano\Desktop\KMSpico Install
2014-06-18 12:24 - 2014-06-18 12:24 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-18 12:23 - 2014-03-18 11:37 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-06-18 12:22 - 2014-06-18 12:22 - 00000000 __RHD () C:\MSOCache
2014-06-18 12:22 - 2014-06-18 11:46 - 818968576 _____ () C:\Users\Stefano\Downloads\OfficeProfessionalPlus_x64_it-it.img
2014-06-18 10:47 - 2014-06-12 10:47 - 00000000 ____D () C:\Program Files (x86)\Overwolf

Some content of TEMP:
====================
C:\Users\Stefano\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy4atb1.dll
C:\Users\Stefano\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Stefano\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefano\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 11:08

==================== End Of Log ============================
 

 

I hope that everything's fine, thanks for your help :)




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:28 PM

Posted 18 July 2014 - 01:23 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(BitTorrent Inc.) C:\Users\Stefano\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 AsrSetupDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S3 AxtuDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 StepTNT


Posted 18 July 2014 - 03:20 PM

Before running the script, can you please tell me what it does?

Because I've seen references to things that I'm actually using and I don't want to mess things up with the software that I need :)



#6 nasdaq


Posted 19 July 2014 - 06:49 AM

Except for this uTorrent process
C:\Users\Stefano\AppData\Roaming\uTorrent\uTorrent.exe

all the others are to remove empty registry entries.

Read item 3 from this page and decide if you want to keep uTorrent.
Just delete the line from my suggested fix.
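
A fixlist can be triaged before it is run by separating lines that only clean up leftovers from lines that act on something still on disk. The sketch below is an added example, not part of the thread and not FRST's own code; it assumes that a trailing [X] or "=> No File" marks a missing target and that a leading letter-digit pair such as S2 marks a service or driver line, and parse_fixlist and needs_review are hypothetical names.

```python
import re
from typing import NamedTuple

# Sample input: six lines copied from the fixlist quoted in this thread.
SAMPLE_FIXLIST = r"""start

(BitTorrent Inc.) C:\Users\Stefano\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]

End
"""


class Entry(NamedTuple):
    kind: str       # "process", "service" or "registry"
    name: str       # short label taken from the line
    orphaned: bool  # True when the line says the referenced file is missing
    line: str       # the fixlist line as written


# Assumed conventions (not stated in the thread):
#   "S2 name; path ..."  -> service/driver line (state letter + start type)
#   "(Vendor) path"      -> running-process line
#   trailing "[X]" or "=> No File" -> target file not found on disk
SERVICE_RE = re.compile(r"^[RSU][0-5] (?P<name>[^;]+); .+$")
PROCESS_RE = re.compile(r"^\([^)]*\) (?P<path>.+)$")
ORPHAN_RE = re.compile(r"(\[X\]|=>\s*No File)\s*$")


def parse_fixlist(text):
    """Turn fixlist text into Entry records, skipping start/End markers."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        orphaned = bool(ORPHAN_RE.search(line))
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"].strip(), orphaned, line))
            continue
        m = PROCESS_RE.match(line)
        if m:
            exe = m["path"].rsplit("\\", 1)[-1]
            entries.append(Entry("process", exe, orphaned, line))
            continue
        # Everything else is treated as a registry entry; label it by the
        # part before the first colon.
        entries.append(Entry("registry", line.split(":", 1)[0], orphaned, line))
    return entries


def needs_review(entries):
    """Entries whose target still exists, so the fix changes a live item."""
    return [e for e in entries if not e.orphaned]


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    for e in parsed:
        tag = "leftover" if e.orphaned else "REVIEW  "
        print(f"{tag} {e.kind:<8} {e.name}")
```

Lines tagged REVIEW are the ones to read closely, or to delete from the fixlist if the program is still wanted.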

#7 StepTNT


Posted 22 July 2014 - 03:11 AM

fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Stefano at 2014-07-22 10:05:44 Run:1
Running from C:\Users\Stefano\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 AsrSetupDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S3 AxtuDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

End
*****************

'HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
HKU\S-1-5-21-4111190891-2693242929-372597044-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
Service KMSELDI => Service deleted successfully.
AsrSetupDrv => Service not found.
AxtuDrv => Service deleted successfully.
BRDriver64 => Service deleted successfully.
pccsmcfd => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.

==== End of Fixlog ====

 

 

checkup:

 

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 7 Update 60  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

The computer seems fine like it was before, but there are still some odd things and I don't understand why.

Sometimes it happens that clicking on Shutdown makes the computer reboot for no reason.

 

Thanks again for your time :)



#8 nasdaq


Posted 22 July 2014 - 08:45 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60

===

The computer seems fine like it was before, but there are still some odd things and I don't understand why.
Sometimes it happens that clicking on Shutdown makes the computer reboot for no reason.


Could be a driver issue for one of the processes running at the time you shut down.
Close all programs before shutting down.

If the problem stops then this will confirm my suspicion.

You can check for 3rd party driver updates with this tool.

Check it out.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged OR need to be updated.

Keep me posted.

#9 StepTNT


Posted 24 July 2014 - 03:04 AM

Scanning with Secunia PSI reports that everything's fine.

 

I'm still a little bit scared that I've some weird rootkit though, but the computer seems to work smooth as it did before so I guess that everything should be fine now.

 

Thanks again for your time and your help :)



#10 nasdaq


Posted 24 July 2014 - 07:22 AM

You can always run this online scan to be sure all is well.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq


Posted 30 July 2014 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



