Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2017
Ran by DF (07-10-2017 17:24:52)
Running from C:\Users\DF\Contacts\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-09 01:14:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1286336489-1028466569-3393745925-500 - Administrator - Disabled)
DF (S-1-5-21-1286336489-1028466569-3393745925-1000 - Administrator - Enabled) => C:\Users\DF
Guest (S-1-5-21-1286336489-1028466569-3393745925-501 - Limited - Enabled) => C:\Users\Guest
postgres (S-1-5-21-1286336489-1028466569-3393745925-1015 - Limited - Enabled) => C:\Users\postgres.DF-PC.000

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (HKLM-x32\...\WT088216) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT088226) (Version: 2.2.0.95 - WildTangent) Hidden
BetClic Poker (HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\BetClic Poker) (Version: - )
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT088228) (Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (HKLM-x32\...\{28849F27-E11E-F067-C4B5-7F4CDB75D473}) (Version: 2010.0825.2205.37769 - Nome società) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT088235) (Version: 2.2.0.95 - WildTangent) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.1 - Comodo)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT088238) (Version: 2.2.0.95 - WildTangent) Hidden
Driver dispositivo USB (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - )
e-express (HKLM-x32\...\e-express) (Version: 21.005.20.01.606 - Huawei Technologies Co.,Ltd)
EhoCW Alpha 0.91n 06/12/2010 (HKLM-x32\...\EhoCW) (Version: Alpha 0.91n 06/12/2010 - F8EHO)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy (HKLM-x32\...\WT088260) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT088416) (Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
Final Drive Nitro (HKLM-x32\...\WT088420) (Version: 2.2.0.95 - WildTangent) Hidden
FLV-Media Player 1.8 (HKLM-x32\...\FLV-Media Player) (Version: 1.8 - HYBRIDWEB)
Free Sound Recorder v10.8.8 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2015 FreeSoundRecorder Technologies, Inc.)
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GD Poker (HKLM-x32\...\GiocoDigitalePoker) (Version: - GiocoDigitale)
GDpoker 1.0.0 (HKLM-x32\...\GDpoker_is1) (Version: 1.0.0 - gd_poker)
GL USB2.0 UVC Camera Device (HKLM-x32\...\{9897BBD8-013A-49F3-928E-866A59B6E00C}) (Version: 15.12.14.0 - GenesysLogic)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HMA! Pro VPN 2.7.1.7 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
ImTOO DVD Creator (HKLM-x32\...\ImTOO DVD Creator) (Version: 7.0.3.1214 - ImTOO)
Insaniquarium Deluxe (HKLM-x32\...\WT088268) (Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest Solitaire 2 (HKLM-x32\...\WT088269) (Version: 2.2.0.95 - WildTangent) Hidden
JLG Extended Keyboard Layout US (v1.1) (HKLM-x32\...\{0904AF3E-7420-42B7-9174-AB2F9070281B}) (Version: 1.1 - JLG Utilities)
John Deere Drive Green (HKLM-x32\...\WT088448) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
LogProtect version 1.4.3 (HKLM-x32\...\LogProtect_is1) (Version: - )
Lottomatica.it Poker (HKLM-x32\...\Lottomatica.it Poker ) (Version: - GTECH Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.15.01.51 - Huawei Technologies Co.,Ltd)
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{312F7EE7-37D0-484D-B974-0CE1B8560C79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6484 - Mozilla)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCPlot v2.32 (HKLM-x32\...\NCPlot_is1) (Version: - NCPlot Software LLC)
Nero 9 Essentials (HKLM-x32\...\{c68f25a7-43f0-423d-b5de-ca33885f1ba7}) (Version: - Nero AG)
OpenOffice 4.1.3 (HKLM-x32\...\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}) (Version: 4.13.9783 - Apache Software Foundation)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: 1.2.97.14551 - pdfforge GmbH)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.)
Penguins! (HKLM-x32\...\WT088452) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\WT088283) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Club by Lottomatica (HKLM-x32\...\Poker Club by Lottomatica ) (Version: - Boss Media AB)
PokerStars.it (HKLM-x32\...\PokerStars.it) (Version: - PokerStars.it)
Polar Bowler (HKLM-x32\...\WT088456) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT088460) (Version: 2.2.0.95 - WildTangent) Hidden
Pool Rebel for Windows (HKLM-x32\...\Pool Rebel for Windows_is1) (Version: - Compumaster Ltd)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PX Profile Update (HKLM-x32\...\{98A26988-E99C-2EA6-684A-3FFE6F3A90F9}) (Version: 1.00.1. - AMD) Hidden
Raccolta foto (HKLM-x32\...\{86A1CEAD-EF47-47BB-AE79-DA8C09E15382}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Smart PC Recorder - by freebird (HKLM-x32\...\SmartPCRecorder) (Version: 1.2 - Freebird)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Titanbet.it Poker (HKLM-x32\...\Titanpoker.it) (Version: - )
Viber (HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\Viber) (Version: 5.1.2.24 - Viber Media Inc)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters)
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.6.0 - Liteon)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088508) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wampserver64 3.0.6 (HKLM\...\{wampserver64}_is1) (Version: 3.0.6 - Dominique Ottello aka Otomatic)
Web Companion (HKLM-x32\...\{67651c28-5e35-4bd7-849c-145c2062e619}) (Version: 2.3.1411.2698 - Lavasoft)
WEBpatente 4.2 (HKLM-x32\...\{29D4BDED-54EC-4FDA-B2E1-B6A5F8C4E5C2}}_is1) (Version: - Roberto Mastri)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3007 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
Zuma Deluxe (HKLM-x32\...\WT088292) (Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WT088531) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\ChromeHTML: -> C:\Users\DF\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DF\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DF\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DF\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DF\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DF\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DF\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\DF\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2012-05-22] (The Eraser Project)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2010-08-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FAC4710-5291-422D-BA25-ED71BF109437} - System32\Tasks\{5EF0B267-6728-4AA1-9146-FD57F3F21FA1} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {113310D4-59CA-457B-BB4F-AAA886A6D681} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1286336489-1028466569-3393745925-1000UA => C:\Users\DF\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {145A4324-772A-4A1F-976F-D81BC628B04D} - System32\Tasks\GoogleUpdateTaskMachineUA1d3356085573eb8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1A47E4B2-FCEE-478E-AE28-1C2BF434B4CD} - System32\Tasks\AVAST Software\Avast settings backup
Task: {2C01746D-96DD-4F32-8E1B-5FE4FC42EC4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3CC8F55E-5EB2-4DE2-BE09-A1CB1F8D3764} - System32\Tasks\{45CA06BB-DB9E-4D62-91B5-B0A0EB94EE8B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3D5076EC-AA97-416C-8F17-E35BE8A5F05B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4513471C-4795-457C-A96A-FBB894DF828A} - System32\Tasks\{2D763861-8D8F-49BD-9780-5962A2A4CB9E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/fr/abandoninstall?page=tsProgressBar
Task: {4B23F739-2101-4754-B2E9-B0854513EAF3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6245EE8B-612E-43FC-B838-FE7903BDF21B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {680BBB87-C776-4C8C-804B-8D4C5EDFDB54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-02] (Adobe Systems Incorporated)
Task: {6DB7008A-A54E-49E2-8C51-DBB985C069D6} - System32\Tasks\{20E3E361-DEC0-4511-AD18-70833B52E443} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {7E9DFBDD-986E-4957-B025-963D275A0F34} - System32\Tasks\{400330FA-85FC-4308-B182-782E4526524F} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\POKERC~1\UNWISE.EXE -c C:\PROGRA~2\POKERC~1\INSTALL.LOG
Task: {85178CC8-57AB-49C1-9D29-33B8BAB810B4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-05] (AVAST Software)
Task: {8862D2AD-D070-4749-ABBD-E51D5996D4E6} - System32\Tasks\{1D956DDB-65FC-4CEF-BA43-F7ABFF106DC4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/fr/abandoninstall?page=tsProgressBar
Task: {91792999-1409-41EE-9A01-24B5E01DAC12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BBECA6D1-1897-4C71-93C7-1B837E238172} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E51D94B3-5BF3-4BA7-BA58-541C81051C56} - System32\Tasks\GoogleUpdateTaskMachineCore1d33560853128b3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E6392A10-C729-46A6-9688-C3E8365B72A6} - System32\Tasks\Product Updater => C:\Program Files (x86)\Free Sound Recorder\FFProductUpdater.exe [2017-06-01] ()
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F3D2D8DA-A766-4029-9340-19EDF28C0F3E} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2010-12-02] (Acer)
Task: {F8342B61-DA23-4CDF-BEB5-A973803545EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1286336489-1028466569-3393745925-1000Core => C:\Users\DF\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FE598438-C78C-4EB0-A979-4C4498762BDF} - System32\Tasks\{A0216EFB-4B48-4C4E-9528-1D29BB81A804} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286336489-1028466569-3393745925-1000Core.job => C:\Users\DF\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286336489-1028466569-3393745925-1000UA.job => C:\Users\DF\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICMIZER.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 2539601351.www.pokericmcalculator.com

==================== Loaded Modules (Whitelisted) ==============
2017-10-02 18:03 - 2017-09-27 09:37 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000846752 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000286712 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-12-06 18:17 - 2016-12-06 18:17 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-07-01 04:45 - 2010-05-31 18:51 - 000536576 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2017-10-05 18:00 - 2017-10-05 18:00 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-06 12:25 - 2017-10-06 12:25 - 005891888 _____ () C:\Program Files\AVAST Software\Avast\defs\17100602\algo.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-10-07 17:09 - 2017-10-07 17:09 - 005880504 _____ () C:\Program Files\AVAST Software\Avast\defs\17100700\algo.dll
2017-09-14 06:38 - 2017-09-14 06:38 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\37fc2d150a5569e7ce440b1dd07b7ee9\IsdiInterop.ni.dll
2011-02-17 10:09 - 2010-04-13 19:52 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-05 18:00 - 2017-10-05 18:00 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-07-01 04:45 - 2010-04-23 10:16 - 000014848 ____R () C:\Program Files (x86)\Mobile Partner\isaputrace.dll
2014-07-01 04:45 - 2010-05-31 18:48 - 000122880 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
2014-07-01 04:45 - 2010-08-04 15:03 - 000159744 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
2014-07-01 04:45 - 2010-05-31 18:45 - 000090112 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2014-07-01 04:45 - 2010-05-31 18:49 - 000057344 _____ () C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
2014-07-01 04:45 - 2010-08-06 16:50 - 001019904 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2014-07-01 04:45 - 2010-05-31 17:54 - 000172032 ____R () C:\Program Files (x86)\Mobile Partner\DetectDev.dll
2014-07-01 04:45 - 2010-05-31 17:54 - 000598016 ____R () C:\Program Files (x86)\Mobile Partner\atcomm.dll
2014-07-01 04:45 - 2010-05-31 17:53 - 000061440 ____R () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2014-07-01 04:45 - 2010-05-31 17:54 - 000061440 ____R () C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
2014-07-01 04:45 - 2010-05-31 18:51 - 000139264 _____ () C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
2014-07-01 04:45 - 2010-05-31 18:47 - 000073728 _____ () C:\Program Files (x86)\Mobile Partner\CallPlugin.dll
2014-07-01 04:45 - 2010-04-23 10:16 - 000090112 ____R () C:\Program Files (x86)\Mobile Partner\FileManager.dll
2014-07-01 04:45 - 2010-05-31 18:50 - 000032768 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2014-07-01 04:45 - 2010-05-31 18:45 - 000253952 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2014-07-01 04:45 - 2010-05-31 18:50 - 000163840 _____ () C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\...\localhost -> localhost

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2016-11-14 19:43 - 000002053 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1286336489-1028466569-3393745925-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.52.97.25 - 193.70.152.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk => C:\Windows\pss\VideoWebCamera.exe.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: EDAHelper => C:\Users\DF\AppData\Local\Temp\Rar$EXa0.073\ZXW\SETUP\EDAHelper.exe
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FreeCall => "C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe" -nosplash -minimized
MSCONFIG\startupreg: GLSystray => C:\Program Files (x86)\GLPCCamera\monitorpad.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VoipCheapCom => "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{874A99B9-9E4D-4885-97D9-8BD6A735318B}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{681C367C-50AC-4AE7-9BB7-86258EB45374}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{54A44595-6AF6-437A-AC56-8818E48F952F}] => (Allow) svchost.exe
FirewallRules: [{991D5C48-8E74-4346-8047-207F0433390E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9775D280-FB50-417E-85F6-BFC9AA4F1604}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{4E4693A2-3A3B-4CE6-958C-82DC9EC4B221}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{05A53FC4-6678-4F2B-A324-4AC7C6B837CB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{FB1E31F1-007B-48B4-AAEC-C2720F3F20CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2D9914CE-E7D1-4753-B049-2B52F3290A32}] => (Allow) LPort=5432
FirewallRules: [TCP Query User{8D6463DD-094E-4532-B1AE-2B628C392089}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{0C9BC26B-E5E7-4E76-9BDC-CC5E129F3F1D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{0A6D4CF9-3992-4609-9147-D42D3DC86070}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C10DB6D2-9653-418E-A4A7-B6C5262174B2}] => (Allow) LPort=2869
FirewallRules: [{C47899D3-41C9-401B-883E-408253AF5D53}] => (Allow) LPort=1900
FirewallRules: [{72553287-1E30-44E7-AAA1-4CFBB7E658C3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4335BCC4-A604-4415-B2F8-F0364182A1C3}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{5B3B9558-867D-4784-831F-D17220653ECF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE79213E-5843-4D49-A9E1-1E13F6AE6DB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8EEF5595-7991-4B43-A723-CAD719BC40B1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B22079D5-842B-4C4E-B648-DA95D390C598}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{676DE828-E461-4F51-B846-2F514B1E1971}] => (Allow) C:\Users\DF\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{F2AFAC81-44D3-4CF8-8C52-FB497DED1D61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAC301DE-7D54-43DC-90A4-FBB3EC1919FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3EF337B7-11A2-40E4-8C17-12EC2EC377AF}C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe
FirewallRules: [UDP Query User{FDD4BD8B-1879-426D-A74D-2FE7C2A036DD}C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe
FirewallRules: [{ED11E5FF-BAEC-4E88-950F-7BF3D22FB862}] => (Block) C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe
FirewallRules: [{04A67018-2A38-491D-8512-EC1FA9E3982D}] => (Block) C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe

==================== Restore Points =========================

25-09-2017 21:27:11 Removed Nero BurnLite 10.
25-09-2017 22:59:34 Windows Update
29-09-2017 13:29:09 Windows Update
29-09-2017 14:05:30 VEN290917
30-09-2017 19:56:22 Restore Point Created by FRST
04-10-2017 10:38:30 Windows Update
04-10-2017 11:03:01 ZHPFix Restore System Point
06-10-2017 12:29:37 ZHPFix Restore System Point

==================== Faulty Device Manager Devices =============

Name: Android
Description: Android
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 1.3M HD WebCam
Description: Dispositivo video USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Android
Description: Android
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ADB Interface
Description: ADB Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2017 05:06:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo a scopo informativo. (Patch task for {90140011-0066-0410-0000-0000000FF1CE}): DownloadLatest Failed: Nessuna connessione di rete attualmente attiva. Quando verrà collegata una scheda, Servizio trasferimento intelligente in background (BITS) ripeterà l'operazione.

Error: (10/07/2017 04:56:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo a scopo informativo. Impossibile completare l'azione. Riprovare. Se il problema persiste, rivolgersi al Servizio Supporto Tecnico Clienti Microsoft.

Error: (10/07/2017 04:55:58 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-10-07 14:55:58 GMTFATAL: bogus data in lock file "postmaster.pid": ""

Error: (10/06/2017 04:55:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo a scopo informativo. Impossibile completare l'azione. Riprovare. Se il problema persiste, rivolgersi al Servizio Supporto Tecnico Clienti Microsoft.

Error: (10/06/2017 04:54:57 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-10-06 14:54:57 GMTFATAL: bogus data in lock file "postmaster.pid": ""

Error: (10/06/2017 12:14:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo a scopo informativo. Impossibile completare l'azione. Riprovare. Se il problema persiste, rivolgersi al Servizio Supporto Tecnico Clienti Microsoft.

Error: (10/06/2017 12:14:23 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-10-06 10:14:23 GMTFATAL: bogus data in lock file "postmaster.pid": ""

Error: (10/06/2017 08:37:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "c:\program files (x86)\poker club by lottomatica\CrashSender1402.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/06/2017 08:33:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "c:\program files (x86)\lottomatica.it poker\CrashSender1402.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/06/2017 08:29:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo a scopo informativo. (Patch task for {90140011-0066-0410-0000-0000000FF1CE}): DownloadLatest Failed: Nessuna connessione di rete attualmente attiva. Quando verrà collegata una scheda, Servizio trasferimento intelligente in background (BITS) ripeterà l'operazione.

System errors:
=============
Error: (10/06/2017 08:22:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio aswbIDSAgent non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (10/06/2017 08:22:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio aswbIDSAgent.

Error: (10/06/2017 03:20:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (10/05/2017 10:03:39 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: Agente proxy DNS: impossibile allocare 0 byte di memoria. Ciò potrebbe indicare una condizione di memoria virtuale insufficiente nel sistema oppure un errore interno rilevato dal gestore della memoria.

Error: (10/05/2017 09:59:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Servizio Gateway di livello applicazione non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (10/05/2017 09:59:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio Gateway di livello applicazione.

Error: (10/05/2017 06:08:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Il server {60A90A2F-858D-42AF-8929-82BE9D99E8A1} non si è registrato con DCOM entro il timeout richiesto.

Error: (10/05/2017 05:44:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (10/04/2017 10:28:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (10/03/2017 05:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Agente criteri IPsec non è stato avviato per il seguente errore: Il servizio non è stato avviato a causa di un errore in fase di accesso.

CodeIntegrity:
===================================
Date: 2016-09-05 10:05:03.703
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-05 10:05:03.469
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 20:14:32.813
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 20:14:32.735
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 11:15:37.204
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 11:15:37.126
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 01:02:34.666
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-04 01:02:34.369
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-03 21:42:00.580
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2016-09-03 21:42:00.486
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 45%
Total physical RAM: 3958.71 MB
Available physical RAM: 2141.58 MB
Total Virtual: 7915.6 MB
Available Virtual: 6268.33 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:450.66 GB) (Free:273.27 GB) NTFS
Drive e: (Mobile Partner) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 240CA24E)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================