Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Maybe Trojan. Help


  • This topic is locked This topic is locked
36 replies to this topic

#1 MarioItaly

MarioItaly

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 17 July 2014 - 02:59 PM

Hi everybody. I got a problem. Maybe i got a trojan (yes I'm not sure of it. or at least i'm not sure i've removed it). I probably got a trojan in wininit.exe. Searching on the web i've read that using Combofix maybe would solve it. I Did it. First time combofix found something and deleted it . (here's the log but i haven't understood much, better saying almost nothing). Now i don't know if i'm still infected or not. Please help me! I know i'm bothering you for a such stupid thing but please! here's the first combifix log and the second one (i've run combofix twice to see if it would find the same elements). Forgive my english, i'm doing my best. Thank you for reading this and for helping me.

First run of Combofix

Attached File  ComboFix.txt   24.93KB   4 downloads

 

Second run of Combofix

Attached File  ComboFix2.txt   23.88KB   3 downloads



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 17 July 2014 - 03:35 PM

Hello MarioItaly and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

A note about ComboFix - while you may see ComboFix being used quite often, it should never be run unsupervised (as stated in the disclaimer that is first displayed by ComboFix when you run it)

All diagnostic and “fixing” programs/tools are used to search for or target specific malware. Throwing these randomly at your computer in the hope of a quick cure may render your machine a doorstop.

That said, let’s sort your problem out.  :)

===============================================

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT


     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

AdwCleaner log
JRT.txt
OTL.txt
Extras.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 18 July 2014 - 07:44 AM

Hi Satchfan! First of all thank you very much for replying to me! Thanks for giving me some of your time. I've done all you told me to do. I really hope i've done it the right way! Here you are the logs you requested.

 

AdwCleaner
Attached File  AdwCleanerS0.txt   12.34KB   1 downloads

 

JRT

Attached File  JRT.txt   34.6KB   1 downloads

 

OTL

Attached File  OTL.Txt   149.52KB   2 downloads

 

Extras

Attached File  Extras.Txt   85.16KB   1 downloads

 

I really hope i didn't do anything wrong.

 

Thank you so much once again.

 

I'll wait for your reply.

 

Have a nice day

 

Bye

Mario



#4 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 18 July 2014 - 07:54 AM

Thanks. You did very well and that cleaned up a lot.

 

I'm working at the moment but will check the other logs and report back as soon as I can.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 18 July 2014 - 05:25 PM

Hi Mario

You have quite a lot of bad stuff which is a combination of bad/uninformed choices in what you download/install and not protecting your computer.

Hopefully we can clean it and I can give you advice about both issues.


P2P - I see you have P2P software, (uTorrent & emule), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall them now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep them, please don’t use them until we have finished up here.

===================================================

Uninstall programs

Uninstall these programs if present:

FullRemove.exe
Relevantknowledge
Sweetpacks

  • click Start, Control Panel, Programs and Features
  • click on FullRemove.exe and then on Uninstall. Repeat this for Relevantknowledge and Sweetpacks, (any entry)

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
[/list]================================================

Run OTL


  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    
    
    :OTL
    
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    O3 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    
    O4 - HKLM..\Run: []  File not found
    
    
    
    :Reg
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    
    "EnableFirewall" =dword:00000001
    
    
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    
    "EnableFirewall" =dword:00000001
    
    
    
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    
    "EnableFirewall" =dword:00000001
    
    
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    
    "{04554AB3-CC08-4C60-B6B0-FF5BC291DA1D}" =-
    
    "{239EFA17-A099-4FA6-923D-A407A3E74DB9}" =-
    
    "{8386370A-8F18-464B-9AEE-0C27AC99FAC7}" =-
    
    "{27AB2538-147D-42C8-A2E9-26C4C340E69C}" =-
    
    "{C1462A3E-DFCD-4AD5-8978-C99832B4DA1B}" =  
    
    "{EB9D0AE4-FE02-4000-80CB-401A9601FF92}" =-
    
    "{EFD04B6A-A1D4-49D2-B207-6A9FF11B1A4E}" =-
    
    "{FEFB4911-254B-4C4A-94D6-514BDA9FCA67}" =
    
    “{6ACA836F-0408-43CF-9E89-832CBA4013A5}=-
    
    
    
    :Files
    
    ipconfig /flushdns /c
    
    
    
    :Commands
    
    [purity]
    
    [emptytemp]
    
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log and new OTL log.

================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please copy and paste them into the post, not attach them.

Logs to include in the next post:

OTL fix log
New OTL log
FRST.txt


Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 19 July 2014 - 07:05 AM

Hi Satchfan, once again thank you for replying to me. As you suggest i'm thinking about unistalling utorrent and emule. by the way, i just can't find the programs you told me to unistall. before I proceed with otl and Farbar recovery scan tool i post to you 2 screenshot of what I find in "Programs". I have to proceed anyway with otl and farbar or there's something else i have to do before?

I'll wait for your reply before run the programs.

 

Thank you and sorry for the disturb.

 

Bye

Mario

 

 

Screenshot 1:

http://i57.tinypic.com/17r7d5.jpg

 

 

Screenshot 2:

http://i62.tinypic.com/nltmpk.jpg

 

I've uploaded them because i've almost finished my available attachement space (can I erase the other files or you still need them? )

 

 



#7 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 19 July 2014 - 08:39 AM

Please copy and paste them into the post, not attach them.

 

Please continue with the other instructions and as I asked, copy/paste them into your reply.

Thanks

Satchfan
 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 19 July 2014 - 05:03 PM

Hi satchfan. As you asked here's the log:

 

OTL Fix log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04554AB3-CC08-4C60-B6B0-FF5BC291DA1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04554AB3-CC08-4C60-B6B0-FF5BC291DA1D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{239EFA17-A099-4FA6-923D-A407A3E74DB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239EFA17-A099-4FA6-923D-A407A3E74DB9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8386370A-8F18-464B-9AEE-0C27AC99FAC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8386370A-8F18-464B-9AEE-0C27AC99FAC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27AB2538-147D-42C8-A2E9-26C4C340E69C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27AB2538-147D-42C8-A2E9-26C4C340E69C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{C1462A3E-DFCD-4AD5-8978-C99832B4DA1B}" | /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB9D0AE4-FE02-4000-80CB-401A9601FF92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB9D0AE4-FE02-4000-80CB-401A9601FF92}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFD04B6A-A1D4-49D2-B207-6A9FF11B1A4E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFD04B6A-A1D4-49D2-B207-6A9FF11B1A4E}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{FEFB4911-254B-4C4A-94D6-514BDA9FCA67}" | /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\“{6ACA836F-0408-43CF-9E89-832CBA4013A5} not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Mario\Desktop\cmd.bat deleted successfully.
C:\Users\Mario\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mario
->Temp folder emptied: 48529658 bytes
->Temporary Internet Files folder emptied: 1239411 bytes
->Java cache emptied: 84144 bytes
->FireFox cache emptied: 124549567 bytes
->Google Chrome cache emptied: 292055737 bytes
->Flash cache emptied: 48441 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68002 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 445,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07192014_233332

Files\Folders moved on Reboot...
C:\Users\Mario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

OTL New scan log:

OTL logfile created on: 19/07/2014 23:41:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mario\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,86 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,62% Memory free
7,71 Gb Paging File | 5,93 Gb Available in Paging File | 76,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 18,78 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 70,77 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
Drive G: | 465,64 Gb Total Space | 82,13 Gb Free Space | 17,64% Space Free | Partition Type: FAT32
 
Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/18 09:35:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
PRC - [2014/06/27 14:20:02 | 024,477,056 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/03/25 10:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/11 11:52:06 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/12/11 11:52:04 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/02/28 09:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
PRC - [2010/07/20 03:38:44 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/02/08 20:04:04 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/02/05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/02/04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/01/05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/01/05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/19 23:36:53 | 001,160,704 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_ssl.pyd
MOD - [2014/07/19 23:36:53 | 000,805,888 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._gdi_.pyd
MOD - [2014/07/19 23:36:53 | 000,110,080 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\pywintypes27.dll
MOD - [2014/07/19 23:36:53 | 000,027,136 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_multiprocessing.pyd
MOD - [2014/07/19 23:36:53 | 000,007,168 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\hashobjs_ext.pyd
MOD - [2014/07/19 23:36:52 | 000,811,008 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._windows_.pyd
MOD - [2014/07/19 23:36:52 | 000,713,216 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_hashlib.pyd
MOD - [2014/07/19 23:36:52 | 000,070,656 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._html2.pyd
MOD - [2014/07/19 23:36:52 | 000,025,600 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32pdh.pyd
MOD - [2014/07/19 23:36:52 | 000,024,064 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32pipe.pyd
MOD - [2014/07/19 23:36:51 | 001,062,400 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._controls_.pyd
MOD - [2014/07/19 23:36:51 | 000,686,080 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\unicodedata.pyd
MOD - [2014/07/19 23:36:51 | 000,127,488 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\pyexpat.pyd
MOD - [2014/07/19 23:36:51 | 000,119,808 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32file.pyd
MOD - [2014/07/19 23:36:51 | 000,108,544 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32security.pyd
MOD - [2014/07/19 23:36:51 | 000,038,912 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32inet.pyd
MOD - [2014/07/19 23:36:51 | 000,018,432 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32event.pyd
MOD - [2014/07/19 23:36:51 | 000,017,408 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32profile.pyd
MOD - [2014/07/19 23:36:51 | 000,010,240 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\select.pyd
MOD - [2014/07/19 23:36:50 | 000,557,056 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\pysqlite2._sqlite.pyd
MOD - [2014/07/19 23:36:50 | 000,525,640 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\windows._lib_cacheinvalidation.pyd
MOD - [2014/07/19 23:36:50 | 000,167,936 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32gui.pyd
MOD - [2014/07/19 23:36:50 | 000,128,512 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_elementtree.pyd
MOD - [2014/07/19 23:36:50 | 000,098,816 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32api.pyd
MOD - [2014/07/19 23:36:50 | 000,087,552 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_ctypes.pyd
MOD - [2014/07/19 23:36:50 | 000,045,568 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\_socket.pyd
MOD - [2014/07/19 23:36:49 | 001,175,040 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._core_.pyd
MOD - [2014/07/19 23:36:49 | 000,364,544 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\pythoncom27.dll
MOD - [2014/07/19 23:36:49 | 000,320,512 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32com.shell.shell.pyd
MOD - [2014/07/19 23:36:49 | 000,022,528 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32ts.pyd
MOD - [2014/07/19 23:36:48 | 000,735,232 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._misc_.pyd
MOD - [2014/07/19 23:36:48 | 000,078,336 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._animate.pyd
MOD - [2014/07/19 23:36:48 | 000,011,264 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32crypt.pyd
MOD - [2014/07/19 23:36:47 | 000,122,368 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._wizard.pyd
MOD - [2014/07/19 23:36:44 | 000,035,840 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32process.pyd
MOD - [2014/05/14 19:45:09 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/02/15 22:38:01 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/13 14:22:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 14:21:26 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/13 14:21:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 14:21:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 14:20:55 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 14:20:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 14:20:49 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/13 14:20:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 14:20:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 14:20:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 14:47:13 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/12 14:47:07 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/12 14:47:02 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/12 14:46:50 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/12 14:46:39 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/12 14:46:39 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/12 14:46:36 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/12 14:46:31 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/12 14:46:30 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/12 14:46:22 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/06/29 13:10:52 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\VERSION.dll
MOD - [2010/02/03 01:51:50 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/02/03 01:51:32 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/03 01:51:24 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/03 01:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/02/03 01:51:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/01/05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/04 12:07:57 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_it_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/22 03:01:11 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/07/10 13:35:32 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/02 13:41:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/25 10:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011/05/06 14:06:07 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/11/05 15:21:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/10/28 02:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/10/28 02:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/01 11:25:12 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/07/01 11:25:10 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/02/28 09:36:34 | 000,177,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 09:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 09:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 09:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 09:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 09:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 09:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 09:36:32 | 000,022,664 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/02/28 09:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/23 21:06:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/23 20:30:35 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 13:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/01/22 03:13:23 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/22 03:13:23 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 02:07:55 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/18 14:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/12/29 10:56:28 | 000,137,216 | ---- | M] (Olivetti) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmx3gnet.sys -- (pmx3gnet)
DRV:64bit: - [2009/12/29 10:56:28 | 000,118,016 | ---- | M] (Olivetti) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmx3gmdm.sys -- (pmx3gmdm)
DRV:64bit: - [2009/11/10 08:35:20 | 000,024,576 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkadi64.sys -- (bulkadi64)
DRV:64bit: - [2009/10/30 04:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/09/30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/10/30 05:16:30 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledAddons: fbchathistory%40firechm.com:1.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..extensions.enabledItems: {7a88e876-d715-4503-a7bf-a8eba13ca3f9}:2.5.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Mario\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Mario\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/12 21:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/02 13:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/02 13:41:32 | 000,000,000 | ---D | M]
 
[2010/11/05 01:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Extensions
[2014/07/16 22:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\noc55woq.default\extensions
[2014/03/30 21:40:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\noc55woq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/27 13:54:02 | 000,064,779 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\noc55woq.default\extensions\fbchathistory@firechm.com.xpi
[2014/06/11 20:35:39 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\noc55woq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/09 13:51:28 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\noc55woq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/07/02 13:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014/07/02 13:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/07/02 13:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/07/02 13:41:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/07/02 13:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/07/02 13:41:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/12 21:06:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/11/30 15:20:46 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Drive = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: AdBlock = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: avast! WebRep = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\
CHR - Extension: Google Wallet = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Google Drive = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: AdBlock = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: avast! WebRep = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\
CHR - Extension: Google Wallet = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/07/17 14:46:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.103.25.250 62.101.93.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{961293CB-4BA5-4ADA-8619-83C31649CCC8}: DhcpNameServer = 83.103.25.250 62.101.93.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3BFBDE4-6667-4A49-B612-DD5118546C0B}: DhcpNameServer = 83.103.25.250 62.101.93.101
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/14 11:56:44 | 000,000,049 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/19 23:33:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/19 23:32:25 | 002,086,912 | ---- | C] (Farbar) -- C:\Users\Mario\Desktop\FRST64.exe
[2014/07/19 23:32:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2014/07/18 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\bleeping computer
[2014/07/18 13:43:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/18 13:34:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/18 13:34:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/17 21:30:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/17 21:29:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/07/17 14:31:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/17 14:31:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/17 14:31:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/17 14:27:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/17 14:27:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/09 14:15:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/07/09 14:10:11 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/09 14:10:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/07/09 14:10:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/09 14:10:09 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/09 14:10:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/09 14:10:07 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/09 14:10:07 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/09 14:10:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/09 14:09:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/07/09 14:09:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/09 14:09:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/09 14:09:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/09 14:09:54 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/09 14:09:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/09 14:09:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/09 14:09:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/09 14:09:53 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/09 14:09:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/09 14:09:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/09 14:09:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/07/09 14:09:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/07/09 14:09:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/07/09 14:09:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/07/09 14:09:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/09 14:09:01 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/09 14:08:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/09 14:08:56 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 14:08:55 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 14:08:48 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 14:08:48 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 14:08:40 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/02 13:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/30 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\Adobe
[2010/12/23 20:30:35 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Mario\AppData\Roaming\pcouffin.sys
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[2 C:\Users\Mario\Desktop\*.tmp files -> C:\Users\Mario\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/19 23:43:11 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/19 23:43:11 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/19 23:35:59 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/19 23:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/19 23:35:16 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/19 19:11:38 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/19 18:35:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/19 13:28:35 | 000,237,937 | ---- | M] () -- C:\Users\Mario\Desktop\Screenshot 2.jpg
[2014/07/19 13:28:07 | 000,319,260 | ---- | M] () -- C:\Users\Mario\Desktop\Screenshot 1.jpg
[2014/07/19 12:34:08 | 002,086,912 | ---- | M] (Farbar) -- C:\Users\Mario\Desktop\FRST64.exe
[2014/07/18 09:35:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2014/07/17 14:46:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/12 15:15:38 | 001,661,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/12 15:15:38 | 000,741,652 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/07/12 15:15:38 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/12 15:15:38 | 000,147,674 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/07/12 15:15:38 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/10 13:35:31 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/10 13:35:31 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/10 13:29:34 | 000,420,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/30 04:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/30 04:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/21 14:01:14 | 000,002,404 | ---- | M] () -- C:\Users\Mario\Desktop\connessione arcella.RDP
[2 C:\Users\Mario\Desktop\*.tmp files -> C:\Users\Mario\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/19 13:28:35 | 000,237,937 | ---- | C] () -- C:\Users\Mario\Desktop\Screenshot 2.jpg
[2014/07/19 13:28:07 | 000,319,260 | ---- | C] () -- C:\Users\Mario\Desktop\Screenshot 1.jpg
[2014/07/17 14:31:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/17 14:31:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/17 14:31:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/17 14:31:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/17 14:31:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/08 15:31:07 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2014/01/08 15:31:07 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/11/16 13:48:26 | 000,000,600 | ---- | C] () -- C:\Users\Mario\AppData\Local\PUTTY.RND
[2013/10/28 14:53:31 | 001,636,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/12 21:07:33 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/12 21:07:33 | 000,001,233 | ---- | C] () -- C:\Windows\unins000.dat
[2013/03/24 12:45:14 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/11/11 16:57:32 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/14 20:14:55 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/14 20:14:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/27 13:54:04 | 000,131,072 | ---- | C] () -- C:\Users\Mario\fbchathistory.dat
[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/25 14:42:39 | 000,000,600 | ---- | C] () -- C:\Users\Mario\PUTTY.RND
[2011/08/09 03:11:41 | 000,000,098 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Movies2iPhone.ini
[2011/02/02 15:15:35 | 000,000,841 | ---- | C] () -- C:\Users\Mario\.recently-used.xbel
[2011/02/02 15:13:17 | 000,000,000 | ---- | C] () -- C:\Users\Mario\.gtk-bookmarks
[2011/01/02 13:21:29 | 000,000,017 | ---- | C] () -- C:\Users\Mario\AppData\Local\resmon.resmoncfg
[2010/12/23 20:30:35 | 000,093,696 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\ezpinst.exe
[2010/12/23 20:30:35 | 000,007,176 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\pcouffin.cat
[2010/12/23 20:30:35 | 000,001,167 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\pcouffin.inf
[2010/07/20 03:16:43 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500325AS
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: SAMSUNG HM500JI USB Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20,00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 116,00GB
Starting Offset: 20974464000
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 330,00GB
Starting Offset: 145998479360
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466,00GB
Starting Offset: 1048576
Hidden sectors: 0
 

< End of report >
 



#9 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 19 July 2014 - 05:05 PM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Mario (administrator) on MARIO-PC on 19-07-2014 23:57:02
Running from C:\Users\Mario\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-02-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2618497152-2901538135-3777664876-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: snxPluginsShell -> {F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: avast! Ad Blocker -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: avast! Ad Blocker -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.103.25.250 62.101.93.101

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\noc55woq.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Mario\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Mario\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: DownloadHelper - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\noc55woq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-30]
FF Extension: Facebook Chat History Manager - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\noc55woq.default\Extensions\fbchathistory@firechm.com.xpi [2012-09-27]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\noc55woq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-22]
FF Extension: DownThemAll! - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\noc55woq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-12]

Chrome:
=======
CHR HomePage: https://www.google.it/
CHR StartupUrls: "https://www.google.it/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-05]
CHR Extension: (YouTube) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Ricerca Google) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (avast! Ad Blocker) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-11-15]
CHR Extension: (AdBlock) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-22]
CHR Extension: (avast! WebRep) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-06-12]
CHR Extension: (Google Wallet) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mario\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-06-12]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-06-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-02-28] (AVAST Software)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-11-05] (Macrovision Europe Ltd.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-05-06] () [File not signed]
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22664 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()
S3 bulkadi64; C:\Windows\System32\Drivers\bulkadi64.sys [24576 2009-11-10] (Windows ® Codename Longhorn DDK provider)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [32256 2009-06-24] (http://libusb-win32.sourceforge.net) [File not signed]
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2010-12-23] (VSO Software) [File not signed]
S3 pmx3gmdm; C:\Windows\System32\DRIVERS\pmx3gmdm.sys [118016 2009-12-29] (Olivetti) [File not signed]
S3 pmx3gnet; C:\Windows\System32\DRIVERS\pmx3gnet.sys [137216 2009-12-29] (Olivetti) [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-23] () [File not signed]
U3 aj0mlisp; C:\Windows\System32\Drivers\aj0mlisp.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 23:57 - 2014-07-19 23:57 - 00027691 _____ () C:\Users\Mario\Desktop\FRST.txt
2014-07-19 23:56 - 2014-07-19 23:57 - 00000000 ____D () C:\FRST
2014-07-19 23:54 - 2014-07-19 23:54 - 00150298 _____ () C:\Users\Mario\Desktop\OTL.Txt
2014-07-19 23:38 - 2014-07-19 23:38 - 00010524 _____ () C:\Users\Mario\Desktop\07192014_233332.log
2014-07-19 23:33 - 2014-07-19 23:33 - 00000000 ____D () C:\_OTL
2014-07-19 23:32 - 2014-07-19 12:35 - 00001477 _____ () C:\Users\Mario\Desktop\Stringhe da inserire in otl.txt
2014-07-19 23:32 - 2014-07-19 12:34 - 02086912 _____ (Farbar) C:\Users\Mario\Desktop\FRST64.exe
2014-07-19 23:32 - 2014-07-18 09:35 - 00602112 _____ (OldTimer Tools) C:\Users\Mario\Desktop\OTL.exe
2014-07-18 14:45 - 2014-07-18 14:45 - 00000000 ____D () C:\Users\Mario\Desktop\bleeping computer
2014-07-18 14:18 - 2014-07-18 14:18 - 00043602 _____ () C:\Users\Mario\Documents\Extras.txt
2014-07-18 14:17 - 2014-07-18 14:17 - 00076553 _____ () C:\Users\Mario\Documents\OTL.txt
2014-07-18 13:43 - 2014-07-18 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-07-18 13:34 - 2014-07-18 13:36 - 00000000 ____D () C:\AdwCleaner
2014-07-18 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 21:29 - 2014-07-17 21:29 - 00024458 _____ () C:\ComboFix.txt
2014-07-17 14:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 14:27 - 2014-07-17 21:30 - 00000000 ____D () C:\Qoobox
2014-07-17 14:27 - 2014-07-17 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 00:20 - 2014-07-17 00:20 - 00276000 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-16 23:45 - 2014-07-16 23:46 - 00276000 _____ () C:\Windows\Minidump\071614-19593-01.dmp
2014-07-16 23:41 - 2014-07-17 00:52 - 16031609 _____ () C:\Users\Mario\Downloads\SynthEyes.v2012 crack.rar
2014-07-15 23:41 - 2014-07-15 23:41 - 01955992 _____ (Avanquest Software ) C:\Users\Mario\Downloads\SmartDriverUpdater.exe
2014-07-15 21:52 - 2014-07-15 21:52 - 11623550 _____ () C:\Users\Mario\Downloads\REDMCC-00247771-0042.zip
2014-07-15 21:49 - 2014-07-15 21:49 - 02006176 _____ () C:\Users\Mario\Downloads\REDETH-00247766-0042(1).zip
2014-07-15 21:48 - 2014-07-15 21:49 - 11794988 _____ () C:\Users\Mario\Downloads\INDSNR-00244584-0042.zip
2014-07-15 21:38 - 2014-07-15 21:38 - 03570559 _____ () C:\Users\Mario\Downloads\INDCHI-00244586-0042.zip
2014-07-15 21:37 - 2014-07-15 21:37 - 02006176 _____ () C:\Users\Mario\Downloads\REDETH-00247766-0042.zip
2014-07-15 21:12 - 2014-07-15 21:13 - 04755200 _____ (AVG Technologies) C:\Users\Mario\Downloads\avg_free_stb_all_2014_4716.exe
2014-07-14 22:51 - 2014-07-14 22:51 - 00454089 _____ () C:\Users\Mario\Downloads\Torrent.zip
2014-07-14 22:50 - 2014-07-14 22:50 - 00015757 _____ () C:\Users\Mario\Downloads\[h33.to]Luxology Modo 701 SP2.torrent
2014-07-14 22:46 - 2014-07-14 22:46 - 00365823 _____ () C:\Users\Mario\Downloads\[katproxy.com]autodesk.maya.v2015.win64.iso.torrent
2014-07-14 22:44 - 2014-07-14 22:44 - 00012973 _____ () C:\Users\Mario\Downloads\MONOVA.ORG Imagineer_Systems_Mocha_PRO_3.2.1.7276_(x86x64)+Crack-JGS.torrent
2014-07-14 22:43 - 2014-07-14 22:43 - 00012621 _____ () C:\Users\Mario\Downloads\Imagineer.Systems.Mocha.PRO.3.2.1.7276.(x86x64)+Crack-JGS.torrent
2014-07-14 22:39 - 2014-07-14 22:39 - 00011094 _____ () C:\Users\Mario\Downloads\[kickass.to]luxology.imagesynth.v2.0.torrent
2014-07-14 22:39 - 2014-07-14 22:39 - 00007973 _____ () C:\Users\Mario\Downloads\[kickass.to]adobe.photoshop.plugins.luxology.imagesynth.2.0.by.ebookking.torrent
2014-07-14 22:38 - 2014-07-14 22:38 - 00015798 _____ () C:\Users\Mario\Downloads\[kickass.to]smithmicro.poserfusion.2014.pack.v10.0.2.win.x86.x64.macosx.incl.keymaker.core.deepstatus.h33t.1337x.torrent
2014-07-14 22:38 - 2014-07-14 22:38 - 00014814 _____ () C:\Users\Mario\Downloads\[kickass.to]poser.pro.2014.torrent
2014-07-14 22:30 - 2014-07-14 22:35 - 83651744 _____ (Trimble Navigation Limited) C:\Users\Mario\Downloads\SketchUpMake-en.exe
2014-07-10 13:32 - 2014-07-19 23:38 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-09 14:10 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:10 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:10 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:10 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:10 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 14:10 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 14:10 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 14:10 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 14:10 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:10 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 14:09 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:09 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:09 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:09 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:09 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:09 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:09 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 14:09 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 14:09 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 14:09 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 14:09 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 14:09 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 14:09 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 14:09 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 14:09 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 14:09 - 2014-06-19 01:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-09 14:09 - 2014-06-19 01:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-09 14:09 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:08 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:08 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:08 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:08 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:08 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:08 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:08 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 14:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-02 13:41 - 2014-07-02 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-30 14:47 - 2014-06-30 14:47 - 00000000 ____D () C:\Users\Mario\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-19 23:57 - 2014-07-19 23:57 - 00027691 _____ () C:\Users\Mario\Desktop\FRST.txt
2014-07-19 23:57 - 2014-07-19 23:56 - 00000000 ____D () C:\FRST
2014-07-19 23:54 - 2014-07-19 23:54 - 00150298 _____ () C:\Users\Mario\Desktop\OTL.Txt
2014-07-19 23:43 - 2009-07-14 06:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 23:43 - 2009-07-14 06:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 23:40 - 2010-07-20 02:56 - 01711176 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 23:38 - 2014-07-19 23:38 - 00010524 _____ () C:\Users\Mario\Desktop\07192014_233332.log
2014-07-19 23:38 - 2014-07-10 13:32 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-19 23:38 - 2012-09-18 19:43 - 00000000 ___RD () C:\Users\Mario\Google Drive
2014-07-19 23:35 - 2013-10-28 23:18 - 00015474 _____ () C:\Windows\setupact.log
2014-07-19 23:35 - 2010-07-20 03:15 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 23:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 23:33 - 2014-07-19 23:33 - 00000000 ____D () C:\_OTL
2014-07-19 19:11 - 2010-07-20 03:15 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 18:35 - 2012-04-06 16:54 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 15:22 - 2013-08-30 22:24 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\vlc
2014-07-19 12:35 - 2014-07-19 23:32 - 00001477 _____ () C:\Users\Mario\Desktop\Stringhe da inserire in otl.txt
2014-07-19 12:34 - 2014-07-19 23:32 - 02086912 _____ (Farbar) C:\Users\Mario\Desktop\FRST64.exe
2014-07-18 14:45 - 2014-07-18 14:45 - 00000000 ____D () C:\Users\Mario\Desktop\bleeping computer
2014-07-18 14:18 - 2014-07-18 14:18 - 00043602 _____ () C:\Users\Mario\Documents\Extras.txt
2014-07-18 14:17 - 2014-07-18 14:17 - 00076553 _____ () C:\Users\Mario\Documents\OTL.txt
2014-07-18 13:43 - 2014-07-18 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-07-18 13:37 - 2010-07-20 03:23 - 00256022 _____ () C:\Windows\PFRO.log
2014-07-18 13:36 - 2014-07-18 13:34 - 00000000 ____D () C:\AdwCleaner
2014-07-18 09:35 - 2014-07-19 23:32 - 00602112 _____ (OldTimer Tools) C:\Users\Mario\Desktop\OTL.exe
2014-07-17 21:30 - 2014-07-17 14:27 - 00000000 ____D () C:\Qoobox
2014-07-17 21:29 - 2014-07-17 21:29 - 00024458 _____ () C:\ComboFix.txt
2014-07-17 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 15:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-17 14:55 - 2014-07-17 14:27 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:41 - 2010-11-05 00:39 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-07-17 02:34 - 2013-04-14 10:19 - 00000000 ____D () C:\Program Files\xdccMule
2014-07-17 01:02 - 2012-09-12 14:26 - 00928174 _____ () C:\Users\Mario\Downloads\z4root.1.1.0.apk
2014-07-17 00:57 - 2014-01-26 13:44 - 00000000 ____D () C:\Users\Mario\Downloads\SARDU_2.0.6.5
2014-07-17 00:57 - 2014-01-26 13:43 - 00002401 _____ () C:\Users\Mario\Downloads\SARDU_2.0.6.5.zip
2014-07-17 00:56 - 2012-09-12 14:27 - 01126603 _____ () C:\Users\Mario\Downloads\UniversalAndroot-1.6.2-beta5.apk
2014-07-17 00:52 - 2014-07-16 23:41 - 16031609 _____ () C:\Users\Mario\Downloads\SynthEyes.v2012 crack.rar
2014-07-17 00:52 - 2012-09-13 05:27 - 10619624 _____ () C:\Users\Mario\Downloads\SuperOneClickv2.3.3-ShortFuse.zip
2014-07-17 00:52 - 2011-10-16 12:50 - 11397581 _____ () C:\Users\Mario\Downloads\OntrackEasyRecoveryPro.v6.20FULL.rar
2014-07-17 00:20 - 2014-07-17 00:20 - 00276000 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 00:20 - 2011-05-23 21:32 - 00000000 ____D () C:\Windows\Minidump
2014-07-16 23:56 - 2013-09-07 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-16 23:46 - 2014-07-16 23:45 - 00276000 _____ () C:\Windows\Minidump\071614-19593-01.dmp
2014-07-15 23:41 - 2014-07-15 23:41 - 01955992 _____ (Avanquest Software ) C:\Users\Mario\Downloads\SmartDriverUpdater.exe
2014-07-15 21:52 - 2014-07-15 21:52 - 11623550 _____ () C:\Users\Mario\Downloads\REDMCC-00247771-0042.zip
2014-07-15 21:49 - 2014-07-15 21:49 - 02006176 _____ () C:\Users\Mario\Downloads\REDETH-00247766-0042(1).zip
2014-07-15 21:49 - 2014-07-15 21:48 - 11794988 _____ () C:\Users\Mario\Downloads\INDSNR-00244584-0042.zip
2014-07-15 21:38 - 2014-07-15 21:38 - 03570559 _____ () C:\Users\Mario\Downloads\INDCHI-00244586-0042.zip
2014-07-15 21:37 - 2014-07-15 21:37 - 02006176 _____ () C:\Users\Mario\Downloads\REDETH-00247766-0042.zip
2014-07-15 21:13 - 2014-07-15 21:12 - 04755200 _____ (AVG Technologies) C:\Users\Mario\Downloads\avg_free_stb_all_2014_4716.exe
2014-07-14 22:51 - 2014-07-14 22:51 - 00454089 _____ () C:\Users\Mario\Downloads\Torrent.zip
2014-07-14 22:50 - 2014-07-14 22:50 - 00015757 _____ () C:\Users\Mario\Downloads\[h33.to]Luxology Modo 701 SP2.torrent
2014-07-14 22:46 - 2014-07-14 22:46 - 00365823 _____ () C:\Users\Mario\Downloads\[katproxy.com]autodesk.maya.v2015.win64.iso.torrent
2014-07-14 22:44 - 2014-07-14 22:44 - 00012973 _____ () C:\Users\Mario\Downloads\MONOVA.ORG Imagineer_Systems_Mocha_PRO_3.2.1.7276_(x86x64)+Crack-JGS.torrent
2014-07-14 22:43 - 2014-07-14 22:43 - 00012621 _____ () C:\Users\Mario\Downloads\Imagineer.Systems.Mocha.PRO.3.2.1.7276.(x86x64)+Crack-JGS.torrent
2014-07-14 22:39 - 2014-07-14 22:39 - 00011094 _____ () C:\Users\Mario\Downloads\[kickass.to]luxology.imagesynth.v2.0.torrent
2014-07-14 22:39 - 2014-07-14 22:39 - 00007973 _____ () C:\Users\Mario\Downloads\[kickass.to]adobe.photoshop.plugins.luxology.imagesynth.2.0.by.ebookking.torrent
2014-07-14 22:38 - 2014-07-14 22:38 - 00015798 _____ () C:\Users\Mario\Downloads\[kickass.to]smithmicro.poserfusion.2014.pack.v10.0.2.win.x86.x64.macosx.incl.keymaker.core.deepstatus.h33t.1337x.torrent
2014-07-14 22:38 - 2014-07-14 22:38 - 00014814 _____ () C:\Users\Mario\Downloads\[kickass.to]poser.pro.2014.torrent
2014-07-14 22:35 - 2014-07-14 22:30 - 83651744 _____ (Trimble Navigation Limited) C:\Users\Mario\Downloads\SketchUpMake-en.exe
2014-07-12 15:15 - 2009-08-04 12:09 - 00741652 _____ () C:\Windows\system32\perfh010.dat
2014-07-12 15:15 - 2009-08-04 12:09 - 00147674 _____ () C:\Windows\system32\perfc010.dat
2014-07-12 15:15 - 2009-07-14 07:13 - 01661252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 14:26 - 2012-10-07 11:56 - 00000000 ____D () C:\Windows\rescache
2014-07-10 13:35 - 2012-04-06 16:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 13:35 - 2012-04-06 16:54 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 13:35 - 2011-05-16 13:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 13:29 - 2009-07-14 06:45 - 00420928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 14:47 - 2014-05-02 14:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 14:47 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 14:21 - 2010-11-05 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 14:18 - 2013-07-13 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 14:15 - 2012-09-18 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-09 14:14 - 2010-11-06 15:10 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 13:22 - 2012-06-07 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-02 13:41 - 2014-07-02 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-30 14:47 - 2014-06-30 14:47 - 00000000 ____D () C:\Users\Mario\AppData\Local\Adobe
2014-06-30 04:09 - 2014-07-09 14:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 14:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 14:06 - 2010-07-20 03:15 - 00004160 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-27 14:06 - 2010-07-20 03:15 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 14:01 - 2011-06-24 20:10 - 00002404 _____ () C:\Users\Mario\Desktop\connessione arcella.RDP
2014-06-19 04:12 - 2014-07-09 14:10 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-09 14:09 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-09 14:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-09 14:10 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-09 14:10 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 04:11 - 2014-07-09 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-09 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-09 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-09 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-09 14:10 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-09 14:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-09 14:10 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-09 14:09 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-09 14:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-09 14:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-09 14:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-09 14:09 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-09 14:09 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-09 14:09 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-09 14:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-09 14:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-09 14:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-09 14:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-09 14:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:37 - 2014-07-09 14:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-19 01:34 - 2014-07-09 14:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\Mario\fbchathistory.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:13

==================== End Of Log ============================

 

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Mario at 2014-07-19 23:57:49
Running from C:\Users\Mario\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-7761-000000000004}{AC76BA86-1040-7D70-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1040-7D70-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AdunanzA (HKLM-x32\...\eMule AdunanzA) (Version:  - )
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.35 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avast License by ZeNiX [2012-06-29] (HKLM-x32\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version:  - )
avast! Ad Blocker (HKLM-x32\...\{021C6667-63D3-4416-B537-865E77F4DF4F}) (Version: 1.0.0.0 - AVAST Software)
avast! Pro Antivirus (HKLM-x32\...\avast) (Version: 8.0.1482.0 - AVAST Software)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burraconline CLIENT (HKLM-x32\...\{082EA2B7-C14C-4D48-8527-EF8375E99EBE}) (Version: 1.0.5 - Drag & Air S.n.c.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
Centro gestione dispositivi Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.6 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
EasyRecovery Professional (HKLM-x32\...\InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}) (Version: 6.03.04 - Ontrack Data International, Inc.)
EasyRecovery Professional (x32 Version: 6.03.04 - Ontrack Data International, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
iBackupBot for iTunes 4.1.6 (HKLM-x32\...\iBackupBot for iTunes) (Version: 4.1.6 - VOWSoft, Ltd.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
K-Lite Codec Pack 9.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
K-Lite Codec Pack 9.5.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.5.0 - )
Messenger Plus! (HKLM-x32\...\Messenger Plus!) (Version: 6.00.0.774 - Yuna Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Movies2iPhone 2.18 for Windows (HKLM-x32\...\Movies2iPhone) (Version: 2.18 for Windows - OKprods Ltd)
Mozilla Firefox 30.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 it)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Noise Reduction Plug-in 2.0i (HKLM-x32\...\{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}) (Version: 2.0.455 - Sony)
NSIS FreePOPs (remove only) (HKLM-x32\...\FreePOPs) (Version:  - )
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secure Eraser v4.0 (HKLM-x32\...\Secure Eraser_is1) (Version:  - ASCOMP Software GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sky Go Player (HKLM-x32\...\{32df31d2-9751-425f-ab51-eec25cf7296a}) (Version: 3.0 - Sky Italia)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Supporto applicazioni Apple (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Tansee iPhone Transfer SMS 5.1.0.0 (HKLM-x32\...\Tansee iPhone Transfer SMS_is1) (Version: 5.1.0.0 - Tansee, Inc.)
TavoliVerdi 2010 (HKLM-x32\...\TavoliVerdi 20107.1.0) (Version: 7.1.0 - TavoliVerdi)
TavoliVerdi 2012 (HKLM-x32\...\TavoliVerdi 20129.8.0) (Version: 9.8.0 - TavoliVerdi)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UltraVNC 1.0.6.4 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.6.4 - 1.0.6.4)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.WORD_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0410-0000-0000000FF1CE}_Office14.PROPLUS_{BC402055-F185-4D14-A664-12ED2EF8B5B6}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0410-0000-0000000FF1CE}_Office14.PROPLUS_{9FD4ABF7-0359-4953-BAC8-0F99C873797E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.205 - Sonix)
Utility Configurazione iPhone (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version:  - )
VueScan (HKLM-x32\...\VueScan) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.6  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinSCP 4.0.5 (HKLM-x32\...\winscp3_is1) (Version: 4.0.5 - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version:  - )

==================== Restore Points  =========================

17-07-2014 12:31:20 ComboFix created restore point
18-07-2014 12:04:02 OTL Restore Point - 18/07/2014 14:04:00
19-07-2014 21:44:16 OTL Restore Point - 19/07/2014 23:44:14

==================== Hosts content: ==========================

2011-10-04 21:48 - 2014-07-17 14:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11FE60A7-0AE7-47DE-B422-02A995BCA680} - System32\Tasks\{9AC7F842-68C3-46A2-AA58-85F4F4161381} => C:\Program Files\Alwil Software\Avast4\ashAvast.exe
Task: {5B8054E8-E8AE-42C6-899F-8DCA311CB5BC} - System32\Tasks\{D80423CC-BBF1-472A-AE2B-FAA3D76F5E65} => C:\Users\Mario\Desktop\lide20lide30n670un676un1240uvst7031a_xpit_002.exe
Task: {60465289-B62C-4EC9-8F59-BC2522B7CBDD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-28] (AVAST Software)
Task: {79DBE3D1-A828-4186-817F-96BE5DF08768} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-04-09] (ATK)
Task: {7D7C30CF-DD8E-4803-8ACE-E47E49C20838} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {7F2A952A-D7F4-4601-BDE6-7A4CF6F5F655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {A9D0D88C-9C59-44AE-B5C3-943F16F5C80B} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {BD7533D2-1FA0-41DE-B8EC-A3AE9C4D32A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {C113A8FB-1C57-4717-9F87-2AB2AC996A00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C548276C-FEFF-4EAD-BE62-023B1CB1CB31} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-24] ()
Task: {D2339DC4-14C8-40C6-90F2-413B580D656E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {D8198521-A8DA-4941-97C2-E3EB64947224} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {E9A80755-F61E-4A5F-B932-7F9F6B12243F} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {FE8C1117-1F32-4C6B-AFA8-4879B18ADFAE} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-02-08] (asus)
Task: {FECCC4C3-A89A-41DC-8C59-BBCA133DEAF4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-11 15:27 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2013-02-11 15:27 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-07-20 03:16 - 2010-07-20 03:16 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-07-20 03:16 - 2010-07-20 03:16 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-11-05 00:39 - 2008-06-20 01:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-10-15 16:11 - 2011-05-28 01:52 - 00557280 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2010-07-20 03:38 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-05 02:43 - 2010-01-05 02:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-02-04 02:14 - 2010-02-04 02:14 - 00033792 _____ () C:\Program Files\P4G\OvrClk.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 19:21 - 2008-10-23 19:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-20 03:31 - 2010-07-20 03:31 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-12 21:07 - 2012-06-29 13:10 - 00836608 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2014-07-19 23:27 - 2014-07-19 19:24 - 02820608 _____ () C:\Program Files\AVAST Software\Avast\defs\14071901\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-07-19 23:36 - 2014-07-19 23:36 - 00098816 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32api.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00110080 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\pywintypes27.dll
2014-07-19 23:36 - 2014-07-19 23:36 - 00364544 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\pythoncom27.dll
2014-07-19 23:36 - 2014-07-19 23:36 - 00045568 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_socket.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 01160704 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_ssl.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00320512 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32com.shell.shell.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00713216 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_hashlib.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 01175040 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._core_.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00805888 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._gdi_.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00811008 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._windows_.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 01062400 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._controls_.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00735232 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._misc_.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00128512 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_elementtree.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00127488 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\pyexpat.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00557056 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\pysqlite2._sqlite.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00007168 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\hashobjs_ext.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00087552 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_ctypes.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00119808 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32file.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00108544 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32security.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00018432 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32event.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00038912 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32inet.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00070656 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._html2.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00167936 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32gui.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00011264 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32crypt.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00027136 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\_multiprocessing.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00122368 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._wizard.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00010240 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\select.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00024064 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32pipe.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00686080 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\unicodedata.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00025600 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32pdh.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00525640 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\windows._lib_cacheinvalidation.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00035840 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32process.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00017408 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32profile.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00022528 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\win32ts.pyd
2014-07-19 23:36 - 2014-07-19 23:36 - 00078336 _____ () C:\Users\Mario\AppData\Local\Temp\_MEI34162\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iPhone PC Suite => C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\Mario\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: PlusService => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 01:27:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 01:27:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/19/2014 11:39:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Intel® Management & Security Application User Notification Service dipende dal servizio Intel® Management and Security Application Local Management Service che non è stato avviato per il seguente errore:
%%1058

Error: (07/19/2014 11:37:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Listener Gruppo Home terminato. Errore specifico del servizio %%-2147023143.

Error: (07/19/2014 11:36:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Acquisizione di immagini di Windows (WIA) non è stato avviato per il seguente errore:
%%1053

Error: (07/19/2014 11:36:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Acquisizione di immagini di Windows (WIA).

Error: (07/19/2014 11:36:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spybot-S&D 2 Scanner Service non è stato avviato per il seguente errore:
%%1053

Error: (07/19/2014 11:36:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Spybot-S&D 2 Scanner Service.

Error: (07/19/2014 11:35:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Messenger Plus! Service non è stato avviato per il seguente errore:
%%2

Error: (07/19/2014 11:35:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Firewall terminato. Errore specifico del servizio %%13.

Error: (07/19/2014 11:33:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio ASLDR Service. Questo evento si è già verificato 1 volta(e).

Error: (07/19/2014 11:27:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Intel® Management & Security Application User Notification Service dipende dal servizio Intel® Management and Security Application Local Management Service che non è stato avviato per il seguente errore:
%%1058


Microsoft Office Sessions:
=========================
Error: (07/19/2014 01:27:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (07/19/2014 01:27:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-17 14:41:27.310
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-07-17 14:41:27.123
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:38.135
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:37.889
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:35.513
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:35.292
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:32.720
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:32.504
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:30.198
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2014-01-08 14:31:29.980
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3948.54 MB
Available physical RAM: 2050.47 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 5810.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:18.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:70.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

 

Hope i've done everything well

 

Thank you once again.

 

Have a nice day

 

Bye

 

Mario



#10 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 20 July 2014 - 04:18 AM

You have done well running the scans but there are some traces of infection left.

However, you have a collection of illegal software on your system, which is how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal.of it.

Continuing to help you could be viewed as supporting/condoning this therefore, if you require further help I need you to uninstall all the illegal software that you have downloaded and installed. When you have done this, run the following scan.

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • doubleclick CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Satchfan


Edited by satchfan, 20 July 2014 - 04:24 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 21 July 2014 - 02:24 AM

Hi satchfan, i've unistalled and deleted the illegal programs i had in my pc. as you told me to do i run the ckscanner and here's the log.:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\openssh\bin\ssh-keygen.exe
c:\program files (x86)\openssh\docs\ssh-keygen-manual.htm
c:\windows\autokms\autokms.exe
scanner sequence 3.CP.11.XVLBP0
 ----- EOF -----
 

Reading better at the logs i've posted before i've found the file "fullremove" you told me to unistall:

"C:\ProgramData\Fullremove.exe" what I have to do?

Do you know also what these exe are?:

2014-07-17 14:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

 

Thank you very much.

 

Have a good day

 

Bye

Mario



#12 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 21 July 2014 - 06:29 AM

Hi Mario
 

i've unistalled and deleted the illegal programs i had in my pc. as you told me to do

 

 

You need to delete another also:

In Windows Explorer, (Windows key+E), locate and delete c:\windows\autokms\autokms.exe
 

Reading better at the logs i've posted before i've found the file "fullremove" you told me to unistall:

"C:\ProgramData\Fullremove.exe" what I have to do?


Navigate to Program Files in folder in Windows Explorer and delete Fullremove.exe
 

Do you know also what these exe are?:

2014-07-17 14:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe


Those are OK and will be removed when we tidy up the tools we’ve used.

=====================================

I see that some things have been disabled via MSCONFIG but I need you to run a different scan to see how much of it is still on your machine.

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning.:
    :filefind
    *SweetIM*
    
    :folderfind
    * SweetIM *
    
    :Regfind
    SweetIM
    
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Satchfan


Edited by satchfan, 22 July 2014 - 01:34 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 22 July 2014 - 07:02 AM

Hi satchfan,

i'm sorry but the links you've given to me aren't available anymore. When I try to download the program it gives to me a 404 error "not found".

 

What I have to do now?

 

Thank you

 

Bye

Mario



#14 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:18 AM

Posted 22 July 2014 - 07:40 AM

My apologies Mario, should have checked the links. :blush:

Try this:

SystemLook (64-bit)


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 MarioItaly

MarioItaly
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 22 July 2014 - 02:04 PM

Nevermind satchfan. Here you are the log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:55 on 22/07/2014 by Mario
Administrator - Elevation successful

========== filefind ==========

Searching for "*SweetIM*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM.zip    --a---- 625 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] BF091EF6529649B426EF6CBB4AAA61B3
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM1.zip    --a---- 638 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] DF214B943A0BD4E620F3FD4E596AB55F
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM10.zip    --a---- 2494 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 1C0302814A5B0BBB8FA7363ED5F7F662
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM11.zip    --a---- 355 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] EAF3EC3E3D2B635FB10427854881FE04
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM12.zip    --a---- 339 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 32DB1268921C9EE1614A5F2587DD9651
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM13.zip    --a---- 328 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 1168DC1E06CC2988E6C711886ACD99C0
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM14.zip    --a---- 322 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] AFBC8A7834C7847A0BB0AE543758F872
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM15.zip    --a---- 614 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 171663AC5151D794930084BBCABFEBB6
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM16.zip    --a---- 615 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 11F2E5FF147E484B5F10097A32EEBF4E
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM17.zip    --a---- 67623 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 477A9D826DAFC9D3D401CDBCA9AD23E5
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM18.zip    --a---- 709 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 6AE1578368708A677263F98F6AD7303F
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM19.zip    --a---- 618 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 73A6089A694FF56E7E4F09D3240AB2F7
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM2.zip    --a---- 662 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 937BFE277CC9EAF6E31B43281F3E6680
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM3.zip    --a---- 683 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] A90B25CF94A94BEB3C62E75E65C4D0BE
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM4.zip    --a---- 571 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 38DB7AF7EA37F1419D42AF06DE3ACFAB
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM5.zip    --a---- 613 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 5686616D7F42837D2A862D9C79E89D9E
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM6.zip    --a---- 556 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] B8264D36EF4EA8589805BB6C26995195
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM7.zip    --a---- 554 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] EAB2422017A398F059FCFD8403359178
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM8.zip    --a---- 487 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 4B113E7478C4F871520AE09DE795F13C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM9.zip    --a---- 731 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] E5711A53903678F43B7ABB1AA61BA6C3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM.zip    --a---- 625 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] BF091EF6529649B426EF6CBB4AAA61B3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM1.zip    --a---- 638 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] DF214B943A0BD4E620F3FD4E596AB55F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM10.zip    --a---- 2494 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 1C0302814A5B0BBB8FA7363ED5F7F662
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM11.zip    --a---- 355 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] EAF3EC3E3D2B635FB10427854881FE04
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM12.zip    --a---- 339 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 32DB1268921C9EE1614A5F2587DD9651
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM13.zip    --a---- 328 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 1168DC1E06CC2988E6C711886ACD99C0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM14.zip    --a---- 322 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] AFBC8A7834C7847A0BB0AE543758F872
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM15.zip    --a---- 614 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 171663AC5151D794930084BBCABFEBB6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM16.zip    --a---- 615 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 11F2E5FF147E484B5F10097A32EEBF4E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM17.zip    --a---- 67623 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 477A9D826DAFC9D3D401CDBCA9AD23E5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM18.zip    --a---- 709 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 6AE1578368708A677263F98F6AD7303F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM19.zip    --a---- 618 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 73A6089A694FF56E7E4F09D3240AB2F7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM2.zip    --a---- 662 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 937BFE277CC9EAF6E31B43281F3E6680
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM3.zip    --a---- 683 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] A90B25CF94A94BEB3C62E75E65C4D0BE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM4.zip    --a---- 571 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 38DB7AF7EA37F1419D42AF06DE3ACFAB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM5.zip    --a---- 613 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 5686616D7F42837D2A862D9C79E89D9E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM6.zip    --a---- 556 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] B8264D36EF4EA8589805BB6C26995195
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM7.zip    --a---- 554 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] EAB2422017A398F059FCFD8403359178
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM8.zip    --a---- 487 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] 4B113E7478C4F871520AE09DE795F13C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM9.zip    --a---- 731 bytes    [12:15 07/09/2013]    [12:15 07/09/2013] E5711A53903678F43B7ABB1AA61BA6C3

========== folderfind ==========

Searching for "* SweetIM *"
No folders found.

========== Regfind ==========

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
"item"="SweetIM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
"command"="C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator]
"command"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[HKEY_USERS\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_USERS\S-1-5-21-2618497152-2901538135-3777664876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

-= EOF =-

 

Thank you

 

Have a good day (here is evening :) )

 

Bye

Mario






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users