Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by ilaria (administrator) on PC-ILARIA (03-12-2015 16:41:18)
Running from C:\Users\ilaria\Downloads
Loaded Profiles: ilaria (Available Profiles: ilaria)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: Italiano (Italia)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2819984 2015-12-02] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-04] (Hewlett-Packard)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3209216 2012-02-02] (Ares Development Group)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-26] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-07-31] (EasyBits Software Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2011-12-24]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk [2013-12-01]
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FA398DEF-1EE9-4888-877B-34EC11D91545}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.it/
SearchScopes: HKLM -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKLM-x32 -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {E45EECB3-902D-4DB8-A238-0F2C121AB48E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll [2015-12-02] (AVG)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll [2013-05-13] (LULU Software Limited)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll [2013-05-13] (LULU Software Limited)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll [2014-01-29] (Alawar)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.1\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-300956757-2756368608-3835130273-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ilaria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-25] [not signed]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=it-it
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (trivia games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
CHR Extension: (new game) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
CHR Extension: (Gmail) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (dr games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]
CHR HKU\S-1-5-21-300956757-2756368608-3835130273-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mibfbmhijjgpkmobcfdlelpccpeafoom] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2015-12-03]
Opera:
=======
OPR Extension: (trivia games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
OPR Extension: (new game) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
OPR Extension: (dr games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1096544 2013-05-13] (LULU Software Limited)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-05-13] (LULU Software Limited)
R2 vToolbarUpdater40.2.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe [1926544 2015-12-02] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-02] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2013-04-23] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2011-12-08] (Danish Wireless Design A/S)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
U2 ezSharedSvc; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-03 16:41 - 2015-12-03 16:42 - 00029705 _____ C:\Users\ilaria\Downloads\FRST.txt
2015-12-03 16:39 - 2015-12-03 16:41 - 00000000 ____D C:\FRST
2015-12-03 16:38 - 2015-12-03 16:38 - 02350080 _____ (Farbar) C:\Users\ilaria\Downloads\FRST64.exe
2015-12-03 15:32 - 2015-12-03 15:33 - 00000000 ____D C:\Users\ilaria\AppData\Local\Facebook
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\ProgramData\Tarma Installer
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-03 15:32 - 2015-04-11 12:58 - 00010355 _____ C:\Quarantine.lst
2015-12-03 15:32 - 2015-04-11 12:58 - 00009018 _____ C:\Quarantine.reg
2015-12-03 11:06 - 2015-12-03 11:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\ilaria\Downloads\HijackThis.exe
2015-12-03 10:51 - 2015-12-03 10:51 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB216F12-A197-44D8-A8B6-A88DBDA969F3}
2015-12-02 18:08 - 2015-12-02 18:09 - 00000000 ____D C:\Users\ilaria\AppData\Local\AVG Web TuneUp
2015-12-02 18:08 - 2015-12-02 18:08 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:09 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-02 17:59 - 2015-12-02 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-02 17:58 - 2015-12-02 17:58 - 00000000 ___HD C:\$AVG
2015-12-02 17:54 - 2015-12-02 17:54 - 00000837 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-02 17:54 - 2015-12-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-02 17:51 - 2015-12-02 17:52 - 02924856 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ilaria\Downloads\AVG_Protection_Free_1005.exe
2015-12-02 17:23 - 2015-12-02 17:23 - 00000941 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-02 16:36 - 2015-12-02 16:36 - 00016330 _____ C:\Windows\SysWOW64\BroomData.bit
2015-12-02 16:36 - 2013-04-08 15:30 - 00022752 _____ C:\Windows\system32\PCloudBroom64.exe
2015-12-02 16:03 - 2015-12-02 16:03 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-02 16:03 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2015-12-02 16:03 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-12-02 16:02 - 2015-12-02 16:02 - 35192968 _____ (Panda Security ) C:\Users\ilaria\Downloads\PandaCloudCleaner.exe
2015-12-02 15:43 - 2015-12-02 15:43 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (1).exe
2015-12-02 15:40 - 2015-12-02 15:40 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-12-02 14:01 - 2015-12-02 14:01 - 00001728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000760 _____ C:\Users\Public\Desktop\Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000231 _____ C:\Users\Public\Desktop\More Great Games.url
2015-12-02 14:00 - 2015-12-02 14:01 - 00000000 ____D C:\Program Files (x86)\bfgclient
2015-12-02 13:59 - 2015-12-02 13:59 - 00237568 _____ (Big Fish Games) C:\Users\ilaria\Downloads\farm-frenzy-inc_s1_l1_gF8904T1L1_d2543295360.exe
2015-12-02 13:30 - 2015-12-02 13:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{E5B9EF64-E83C-400F-A865-38F4E13B8469}
2015-12-02 13:17 - 2015-12-02 13:18 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2D51ECE1-2CCB-4255-8838-4C03DCD93514}
2015-12-02 13:11 - 2015-12-02 13:11 - 00000125 _____ C:\FINIS_IT.TXT
2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 12:20 - 2015-12-02 19:04 - 00000306 _____ C:\Windows\Tasks\RMSchedule.job
2015-12-02 12:20 - 2015-12-02 12:20 - 00002884 _____ C:\Windows\System32\Tasks\RMSchedule
2015-12-02 12:16 - 2015-12-02 12:17 - 00011376 _____ C:\Users\ilaria\Documents\cc_20151202_121640.reg
2015-12-02 11:42 - 2015-12-02 11:48 - 00000000 ____D C:\ProgramData\PC1Data
2015-12-02 11:22 - 2015-12-02 11:22 - 00000000 ____D C:\Users\ilaria\AppData\Local\{97197E8D-654F-4A20-9F6D-5A897EA63016}
2015-12-01 20:19 - 2015-12-01 20:19 - 00004264 _____ C:\Users\ilaria\Documents\cc_20151201_201916.reg
2015-12-01 20:18 - 2015-12-01 20:18 - 00146898 _____ C:\Users\ilaria\Documents\cc_20151201_201800.reg
2015-12-01 18:12 - 2015-12-01 18:27 - 781443488 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X64.exe
2015-12-01 18:03 - 2015-12-01 18:10 - 498580680 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X86.exe
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\Users\ilaria\AppData\Local\{517FC8D9-BA79-4BF0-BF14-716682725F5B}
2015-12-01 16:21 - 2015-12-01 16:21 - 00000000 ____D C:\7b361a8e4434a6279e480b71
2015-12-01 16:20 - 2015-12-01 16:20 - 00000000 ____D C:\Windows\CheckSur
2015-12-01 14:38 - 2015-12-01 14:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{50E2C87A-0EC2-4981-B313-57BC84DBEDC6}
2015-12-01 14:29 - 2015-12-01 14:29 - 00000000 ____D C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 14:16 - 2015-12-01 14:16 - 00000000 ____D C:\Users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 14:14 - 2015-12-01 14:57 - 00000000 ____D C:\MATS
2015-12-01 14:03 - 2015-12-01 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F730300D-5371-40DB-B39A-31DB8146DEE2}
2015-12-01 11:43 - 2015-12-01 11:43 - 00000000 ____D C:\8986f1190e149d948a69
2015-12-01 11:42 - 2015-12-01 11:42 - 00000898 _____ C:\Users\ilaria\Downloads\daticert (2).xml
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d.zip
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d (1).zip
2015-12-01 11:20 - 2015-12-01 11:20 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5C503F4E-FED8-43B4-A80E-49645B5768A5}
2015-12-01 11:11 - 2015-12-01 11:11 - 00000000 __SHD C:\found.000
2015-11-30 19:39 - 2015-11-30 19:40 - 00000000 ____D C:\Program Files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 19:33 - 2015-11-30 19:35 - 00000000 ____D C:\Program Files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 18:02 - 2015-11-30 18:02 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\GameInvest
2015-11-30 17:12 - 2015-11-30 17:13 - 00000000 ____D C:\Program Files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-30 11:38 - 2015-11-30 11:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A661D06A-6CC4-4F62-B9CD-BFB45880858E}
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 19:19 - 2015-11-29 19:22 - 00000000 ____D C:\Program Files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-29 18:25 - 2015-11-29 18:25 - 00547517 _____ C:\Users\ilaria\Downloads\p25181.pdf
2015-11-29 11:54 - 2015-11-29 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\{D5077F65-06A8-4C4F-9F1D-56B5BA34FFC0}
2015-11-27 13:07 - 2015-11-27 13:07 - 16176964 _____ C:\Users\ilaria\Downloads\accessori_lartigiana_Bottoni.zip
2015-11-27 11:10 - 2015-11-27 11:10 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1414A7D0-09A5-458C-935B-2161412B1076}
2015-11-26 18:30 - 2015-11-26 18:30 - 00001294 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-11-26 11:17 - 2015-11-26 11:17 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5D63DCE3-F6C4-49EB-9AD9-1173687F5533}
2015-11-25 19:30 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-25 18:50 - 2015-12-02 17:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 18:43 - 2015-11-25 18:43 - 00000000 ____D C:\Users\ilaria\AppData\Local\{DB606EB1-9118-4D4F-B972-55132092B2AE}
2015-11-25 17:40 - 2015-11-25 17:52 - 754825497 _____ C:\Users\ilaria\Downloads\Senza titolo (5).zip
2015-11-25 12:23 - 2015-11-25 12:23 - 00001787 _____ C:\Users\Public\Desktop\Play Farm Frenzy Inc..lnk
2015-11-25 12:22 - 2015-12-02 14:02 - 00000000 ____D C:\Program Files (x86)\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-18 18:00 - 2015-11-18 18:00 - 06633489 _____ C:\Users\ilaria\Downloads\I%3a_FOTO_ARTICOLI.zip
2015-11-17 13:56 - 2015-11-17 13:56 - 00001266 _____ C:\Users\Public\Desktop\Altri fantastici giochi.lnk
2015-11-17 10:30 - 2015-11-17 10:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{0D9E7E5B-0E72-4FF9-8424-886F689582DD}
2015-11-15 10:47 - 2015-11-15 10:47 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1AC681F7-0B67-4877-8EB7-A1C2B3639DF5}
2015-11-13 11:00 - 2015-11-13 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{4FC773F2-93DA-4674-B632-1C45CBE2F820}
2015-11-11 23:13 - 2015-11-11 23:13 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A2B206D7-AE9A-4526-9769-A6EE7E67C7F9}
2015-11-11 22:22 - 2015-10-17 15:35 - 02798592 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 22:22 - 2015-09-26 17:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 22:22 - 2015-09-26 17:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 22:22 - 2015-09-26 17:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00257536 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 14:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-11-11 22:22 - 2015-09-22 14:10 - 00517976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 22:22 - 2015-09-22 14:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 22:16 - 2015-10-17 17:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 22:16 - 2015-10-17 16:41 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 22:13 - 2015-10-10 16:48 - 00736192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 22:04 - 2015-10-13 15:45 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 22:04 - 2015-10-13 15:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 22:01 - 2015-10-14 21:25 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 22:01 - 2015-10-14 21:25 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 22:01 - 2015-10-14 16:47 - 04691392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:25 - 2015-11-11 19:25 - 00324628 _____ C:\Users\ilaria\Downloads\Scheda Sintetica di Polizza_Alitalia Programma Viaggi_Mod. 012015_tcm12-6220.pdf
2015-11-11 11:22 - 2015-10-31 20:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 11:22 - 2015-10-31 20:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 20:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 20:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-11 11:22 - 2015-10-31 19:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 11:22 - 2015-10-31 19:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 19:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 19:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-11-08 11:18 - 2015-11-08 11:19 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB3702B7-83BB-42DD-BDA5-1EB28FC1AED1}
2015-11-06 15:50 - 2015-11-06 15:50 - 00184240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-11-05 23:41 - 2015-11-05 23:41 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F6782731-13CC-4BB2-BD8E-A4F18B0DBEC3}
2015-11-05 10:58 - 2015-11-05 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{BDF8F4BD-C1CC-427B-9649-A5A9FBF22211}
2015-11-03 10:59 - 2015-11-03 10:59 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2A19DB56-8D03-4BDA-A08E-8A06597B4D4E}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-03 16:39 - 2006-11-02 14:33 - 00000000 ____D C:\Windows
2015-12-03 16:03 - 2011-12-28 14:04 - 00001985 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 16:03 - 2011-12-28 14:02 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 15:55 - 2012-04-13 21:43 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 15:51 - 2011-12-24 17:01 - 00000000 ____D C:\ProgramData\MFAData
2015-12-03 15:51 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\tracing
2015-12-03 15:50 - 2011-12-26 18:11 - 00000000 ____D C:\Users\ilaria\Tracing
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:46 - 2014-05-26 10:21 - 00000912 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-12-03 15:46 - 2011-12-28 14:02 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 15:46 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 15:45 - 2006-11-02 16:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-03 15:44 - 2015-04-11 11:58 - 00000693 _____ C:\Windows\wininit.ini
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-03 14:50 - 2011-12-24 16:35 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Skype
2015-12-03 13:04 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Temp
2015-12-02 20:27 - 2009-08-01 04:31 - 00714792 _____ C:\Windows\system32\perfh010.dat
2015-12-02 20:27 - 2009-08-01 04:31 - 00143172 _____ C:\Windows\system32\perfc010.dat
2015-12-02 20:27 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2015-12-02 20:27 - 2006-11-02 13:46 - 01606136 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 20:16 - 2011-12-24 16:39 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-12-02 19:38 - 2011-12-24 15:32 - 00000936 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-12-02 18:01 - 2015-03-10 14:25 - 00000000 ____D C:\Users\ilaria\AppData\Local\Avg
2015-12-02 17:58 - 2015-03-10 14:20 - 00000000 ____D C:\ProgramData\AVG
2015-12-02 17:56 - 2011-12-24 17:05 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-02 17:23 - 2011-12-24 15:32 - 00000951 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-02 17:23 - 2011-12-24 15:32 - 00000917 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-12-02 16:36 - 2013-03-18 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TavoliVerdi 2013
2015-12-02 16:35 - 2014-11-06 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden World
2015-12-02 14:02 - 2013-07-09 22:07 - 00000000 ____D C:\BigFishCache
2015-12-02 14:00 - 2013-09-08 12:48 - 00000000 ____D C:\ProgramData\Big Fish
2015-12-02 13:11 - 2009-08-01 05:41 - 00000000 ___HD C:\hp
2015-12-02 13:09 - 2009-07-31 20:42 - 00000000 ____D C:\Program Files (x86)\SMINST
2015-12-02 12:21 - 2006-11-02 14:33 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-02 11:31 - 2006-11-02 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-01 20:13 - 2012-09-12 14:03 - 00000000 ____D C:\Windows\Minidump
2015-12-01 16:52 - 2009-07-31 20:48 - 00003576 _____ C:\Windows\System32\Tasks\HP Health Check
2015-12-01 16:47 - 2012-01-01 16:48 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\HpUpdate
2015-12-01 16:30 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-01 15:24 - 2011-12-24 15:27 - 00000000 ____D C:\Users\ilaria
2015-12-01 15:24 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-01 15:22 - 2006-11-02 13:33 - 94633984 _____ C:\Windows\system32\config\software_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 70254592 _____ C:\Windows\system32\config\components_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 24379392 _____ C:\Windows\system32\config\system_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 04980736 _____ C:\Windows\system32\config\default_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-01 15:20 - 2015-10-04 13:46 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\PlayFavoriteGames
2015-12-01 15:20 - 2015-09-12 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\DominiGames
2015-12-01 15:20 - 2015-08-16 13:36 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\MAI
2015-12-01 15:20 - 2014-11-18 14:54 - 00000000 ____D C:\Program Files (x86)\Burraconline
2015-12-01 15:20 - 2013-03-25 18:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-01 15:20 - 2006-11-02 16:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-01 15:20 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\spool
2015-12-01 15:20 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\registration
2015-12-01 15:19 - 2015-10-15 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\4 Friends Games
2015-12-01 15:19 - 2015-09-10 11:57 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Deep Shadows
2015-12-01 15:19 - 2015-08-04 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar Entertainment
2015-12-01 15:19 - 2015-08-02 11:08 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\SMIGames
2015-12-01 15:19 - 2015-07-12 13:09 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Awem
2015-12-01 15:19 - 2015-07-05 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Vendel-GAMES
2015-12-01 15:19 - 2015-04-15 21:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2015-12-01 14:33 - 2014-11-26 13:01 - 00000000 ____D C:\ProgramData\AVG2015
2015-11-30 19:35 - 2014-11-13 11:56 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\EleFun Games
2015-11-28 19:41 - 2014-11-09 17:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Elephant Games
2015-11-26 18:48 - 2014-11-07 13:41 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Eipix
2015-11-26 11:21 - 2011-12-24 16:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-25 19:08 - 2011-12-26 22:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AVG
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
2015-11-23 17:58 - 2014-11-07 12:30 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\ERS Game Studios
2015-11-23 16:26 - 2014-09-16 12:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\BlamGames
2015-11-11 23:32 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2015-11-11 23:07 - 2006-11-02 16:21 - 00384336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 23:02 - 2006-11-02 16:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 23:02 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 22:44 - 2013-07-18 13:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 22:24 - 2006-11-02 13:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 22:21 - 2012-05-12 11:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:08 - 2014-03-01 16:50 - 01582104 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 15:55 - 2012-04-13 21:43 - 00003830 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:55 - 2012-04-13 21:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 15:55 - 2011-12-26 21:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2013-07-27 10:16 - 2014-09-19 10:43 - 0000244 _____ () C:\Users\ilaria\AppData\Roaming\WB.CFG
2013-12-31 09:56 - 2014-01-02 11:47 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-13 09:22 - 2014-01-28 11:21 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-TTL.DAT
2012-02-18 18:32 - 2014-05-24 10:45 - 0001770 _____ () C:\Users\ilaria\AppData\Roaming\wklnhst.dat
2011-12-26 10:44 - 2015-08-14 12:54 - 0000680 _____ () C:\Users\ilaria\AppData\Local\d3d9caps.dat
2011-12-27 15:24 - 2015-05-02 13:08 - 0021504 _____ () C:\Users\ilaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-12 13:22 - 2015-07-12 13:23 - 0197874 _____ () C:\Users\ilaria\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-07-12 13:22 - 2015-07-12 13:22 - 0000002 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35error.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0114422 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35install.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0386352 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistMSI09C7.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0011368 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistUI09C7.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0008074 _____ () C:\Users\ilaria\AppData\Local\uxeventlog.txt
Some files in TEMP:
====================
C:\Users\ilaria\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ilaria\AppData\Local\Temp\UNINSTALL.EXE
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-03 15:54
==================== End of FRST.txt ============================