AleRos

  1. I read about sandbox or VirtualBox, but I don't have any experience and am not sure if there is a better option to prevent infections (I use Win7). Any advice will be appreciated, many thanks in advance.
  2. Thank you very much for the very professional assistance.
  3. Yes, it seems OK. How can I donate something for the help and time?
  4. The PC is still working very well and I have never seen any signs of infection, apart from those files in System32 (every time I turn on the PC I find them with the time updated), but maybe I was just worrying too much. The CPU fan worked harder only the first time, and maybe not that much, but it was a bit strange because it never happened on startup before.
  5. OK, thank you. When done I'll post the result.
  6. No problem I understand, thank you for help Malwarebytes Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/27/18 Scan Time: 12:15 AM Log File: bbb1290c-c1d9-11e8-8edd-00ff99b9279a.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7031 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: xxx\xxx -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 523807 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 1 hr, 7 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Adw-Cleaner (C00) # ------------------------------- # Malwarebytes AdwCleaner 7.2.4.0 # ------------------------------- # Build: 09-25-2018 # Database: 2018-09-24.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-27-2018 # Duration: 00:00:06 # OS: Windows 7 Home Premium # Cleaned: 20 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. 
***** [ Folders ] ***** Deleted C:\Program Files (x86)\Yahoo!\yset Deleted C:\_acestream_cache_ Deleted C:\Users\xxxx\AppData\LocalLow\.acestream Deleted C:\Users\xxxx\AppData\Roaming\.acestream Deleted C:\Users\xxxx\AppData\Roaming\acestream Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil Deleted C:\Users\xxxx\AppData\Local\YSearchUtil ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS Deleted HKCU\Software\Classes\acestream Deleted HKCU\Software\RegisteredApplications|AceStream Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com ***** [ Chromium (and derivatives) ] ***** Deleted AS Magic Player Deleted Avira SafeSearch Plus Deleted Ricerca e nuova scheda di Yahoo ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [3002 octets] - [27/09/2018 01:34:08] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## AdwCleaner (S00) # ------------------------------- # Malwarebytes AdwCleaner 7.2.4.0 # ------------------------------- # Build: 09-25-2018 # Database: 2018-09-24.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 09-27-2018 # Duration: 00:00:55 # OS: Windows 7 Home Premium # Scanned: 42059 # Detected: 20 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\yset PUP.Optional.Legacy C:\_acestream_cache_ PUP.Optional.Legacy C:\Users\xxxxx\AppData\LocalLow\.acestream PUP.Optional.Legacy C:\Users\xxxxx\AppData\Roaming\.acestream PUP.Optional.Legacy C:\Users\xxxxx\AppData\Roaming\acestream PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil PUP.Optional.Legacy C:\Users\xxxxx\AppData\Local\YSearchUtil ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** Adware.Elex HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS Adware.Elex HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! 
SearchSet PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com ***** [ Chromium (and derivatives) ] ***** PUP.Optional.ASMagicPlayer AS Magic Player PUP.Optional.Legacy Avira SafeSearch Plus PUP.Optional.Legacy Ricerca e nuova scheda di Yahoo ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018 Ran by xxxx (administrator) on XXXX (27-09-2018 02:03:53) Running from C:\Users\xxxx\Desktop Loaded Profiles: xxxx & postgres & (Available Profiles: xxxx & postgres) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia) Internet Explorer Version 11 (Default browser: "C:\Users\xxxx\AppData\Local\brave\Brave.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (f.lux Software LLC) C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe () C:\Program Files (x86)\Chiavetta Internet\UIExec.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Olivetti) C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Olivetti) C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe (Brave Software) 
C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-07-17] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-07-03] (IDT, Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Run: [f.lux] => C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC) HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Run: [f.lux] => C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC) HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Policies\system: [DisableLockWorkstation] 0 ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{25A6B85C-51CC-4632-AA37-87EC0295E934}: [NameServer] 62.13.169.94 62.13.169.95 Tcpip\..\Interfaces\{817FC5DE-8662-4430-8853-2500A5AB1566}: [NameServer] 85.62.229.133 85.62.229.134 Tcpip\..\Interfaces\{99B9279A-2BCE-4752-8E5F-C01A41581A60}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{FADD651E-26A5-4836-9D57-19737FEFD13B}: [NameServer] 85.62.229.133 85.62.229.134 Tcpip\..\Interfaces\{FEE9EF04-C678-424B-B7C1-F50F050EA1B6}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{FEE9EF04-C678-424B-B7C1-F50F050EA1B6}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-3306969514-1186565033-3385122455-1003] ATTENTION => Default URLSearchHook is missing URLSearchHook: [S-1-5-21-3306969514-1186565033-3385122455-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020235130] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
SearchScopes: HKLM -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = 
hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {B38851AA-5FE9-4DB3-BD86-29AC8C45E50D} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {B38851AA-5FE9-4DB3-BD86-29AC8C45E50D} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-20] (Oracle Corporation) BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-20] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Technologies) FireFox: ======== FF DefaultProfile: ypq4xgrd.default-1477251019019-1514662844198 FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198 [2018-09-26] FF Extension: (Firefox Monitor) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198\features\{77fa4c5d-c5bc-4849-9b4a-3b522b5d179f}\fxmonitor@mozilla.org.xpi [2018-09-25] FF Extension: (Telemetry coverage) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198\features\{77fa4c5d-c5bc-4849-9b4a-3b522b5d179f}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-25] [Legacy] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-16] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-16] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-09] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\xxxx\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-09] (Cisco WebEx LLC) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.it/ CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default [2018-09-17] CHR Extension: (Documenti) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15] CHR Extension: (Google Drive) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22] CHR Extension: (Ledger Manager) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-15] CHR Extension: (YouTube) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22] CHR Extension: (Google Search) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22] CHR Extension: (Sicurezza browser Avira) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-07-07] CHR Extension: (Documenti Google offline) - 
C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30] CHR Extension: (Ledger Wallet Ethereum) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2018-08-15] CHR Extension: (Avira SafeSearch Plus) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-08-15] CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-15] CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21] CHR Extension: (Yahoo Partner) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2018-07-07] CHR Extension: (Gmail) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-22] CHR Extension: (Chrome Media Router) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-17] CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - 
hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-05] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG) R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [338888 2018-08-14] (Avira Operations GmbH & Co. KG) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-04-15] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-04-15] (BlueStack Systems, Inc.) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.) 
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 olMntrService; C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe [157696 2010-03-30] (Olivetti) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S2 UI Assistant Service; C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe [261456 2012-06-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 postgresql-8.4; "C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-09] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-04-15] (BlueStack Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-06-05] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2012-06-05] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-27] (Malwarebytes)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (The OpenVPN Project)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-07-17] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123264 2011-05-01] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-05-01] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-27 02:03 - 2018-09-27 02:06 - 000029912 _____ C:\Users\xxxx\Desktop\FRST.txt
2018-09-27 02:03 - 2018-09-27 02:03 - 000000000 ____D C:\FRST
2018-09-27 02:00 - 2018-09-27 02:00 - 002414080 _____ (Farbar) C:\Users\xxxx\Desktop\FRST64.exe
2018-09-27 01:55 - 2018-09-27 01:55 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-27 01:55 - 2018-09-27 01:55 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-27 01:55 - 2018-09-27 01:55 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-27 01:54 - 2018-09-27 01:54 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-27 01:48 - 2018-09-27 01:50 - 000000000 ____D C:\Users\xxxx\Desktop\mb
2018-09-27 01:31 - 2018-09-27 01:34 - 000000000 ____D C:\AdwCleaner
2018-09-27 01:29 - 2018-09-27 01:30 - 007592144 _____ (Malwarebytes) C:\Users\xxxx\Desktop\adwcleaner_7.2.4.0.exe
2018-09-26 03:59 - 2018-09-26 03:59 - 000001536 _____ C:\Users\xxxx\Desktop\11.txt
2018-09-26 01:52 - 2018-09-26 01:52 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-26 01:52 - 2018-09-26 01:52 - 000000000 ____D C:\Users\xxxx\AppData\Local\mbamtray
2018-09-26 01:52 - 2018-09-26 01:52 - 000000000 ____D C:\Users\xxxx\AppData\Local\mbam
2018-09-26 01:51 - 2018-09-26 01:51 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-26 01:51 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-26 01:48 - 2018-09-26 01:50 - 080022264 _____ (Malwarebytes ) C:\Users\xxxx\Desktop\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
2018-09-25 17:56 - 2018-09-25 17:56 - 000218129 _____ C:\Users\xxxx\Desktop\h2testw_1.4.zip
2018-09-25 17:56 - 2018-09-25 17:56 - 000000000 ____D C:\Users\xxxx\Desktop\h2testw_1.4
2018-09-22 23:40 - 2018-09-22 23:40 - 000832912 _____ C:\Users\xxxx\Desktop\flux-setup.exe
2018-09-22 04:06 - 2018-09-22 04:08 - 000000000 ____D C:\Users\xxxx\Desktop\1990 Repulsion (demo)
2018-09-21 23:24 - 2018-09-21 23:48 - 000000000 ____D C:\Users\xxxx\AppData\Local\SoulseekQt
2018-09-21 23:15 - 2018-09-25 06:47 - 000000000 ____D C:\Users\xxxx\Desktop\soulseek download
2018-09-21 23:08 - 2018-09-21 23:08 - 000000995 _____ C:\Users\Public\Desktop\SoulseekQt.lnk
2018-09-21 23:08 - 2018-09-21 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2018-09-21 23:08 - 2018-09-21 23:08 - 000000000 ____D C:\Program Files (x86)\SoulseekQt
2018-09-21 23:07 - 2018-09-21 23:07 - 007050026 _____ (Soulseek LLC ) C:\Users\xxxx\Desktop\SoulseekQt-2017-2-20.exe
2018-09-21 22:29 - 2018-09-21 22:29 - 000003244 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2018-09-21 22:29 - 2018-09-21 22:29 - 000000000 ____D C:\Users\xxxx\AppData\Local\PrivateInternetAccess
2018-09-21 22:26 - 2018-09-24 22:25 - 000000892 _____ C:\Users\xxxxe\Desktop\Private Internet Access.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000910 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000878 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000863 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-09-21 22:25 - 2018-09-21 22:29 - 000000000 ____D C:\Program Files\pia_manager
2018-09-21 22:25 - 2018-01-30 13:19 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2018-09-21 22:20 - 2018-09-21 22:24 - 053057968 _____ (London Trust Media, Inc. ) C:\Users\xxxx\Documents\pia-v81-installer-win.exe
2018-09-19 01:27 - 2018-09-19 01:27 - 000000000 _____ C:\Users\xxxx\Desktop\Tu fai sempre la scelta migliore di altri.txt
2018-09-16 14:47 - 2018-09-26 00:25 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 02:48 - 2018-09-13 02:49 - 000000054 _____ C:\Users\xxxx\Desktop\il poker non è una gara o una sfida vs qualcuno, sei sempre e solo con te stesso.txt
2018-09-02 11:56 - 2018-09-02 11:56 - 000000000 _____ C:\Users\xxxx\Desktop\intralot 16,48.txt
2018-08-30 06:29 - 2018-09-20 21:58 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Trinity
2018-08-30 06:29 - 2018-08-30 06:29 - 000002429 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trinity.lnk
2018-08-30 06:29 - 2018-08-30 06:29 - 000002421 _____ C:\Users\xxxx\Desktop\Trinity.lnk
2018-08-30 06:27 - 2018-08-30 06:28 - 046430480 _____ (IOTA Foundation) C:\Users\xxxx\Documents\trinity-desktop-0.3.2.exe
2018-08-28 01:43 - 2018-08-28 01:43 - 000001076 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-27 02:06 - 2017-09-19 05:19 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-27 02:06 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\brave
2018-09-27 02:04 - 2009-07-14 06:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-27 02:04 - 2009-07-14 06:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-27 01:54 - 2013-06-03 00:36 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-09-27 01:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-27 01:35 - 2015-11-14 23:48 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2018-09-26 23:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2018-09-26 07:18 - 2013-01-19 21:34 - 000000000 ____D C:\Users\xxxxAppData\Roaming\vlc
2018-09-26 06:48 - 2016-11-18 12:01 - 000000000 ____D C:\Users\xxxx\AppData\LocalLow\Mozilla
2018-09-26 04:17 - 2017-06-21 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-26 04:17 - 2012-12-18 02:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-26 04:15 - 2018-01-31 12:56 - 000250150 _____ C:\Users\xxxx\Desktop\Nuovo documento di testo (2).txt
2018-09-26 00:14 - 2012-02-05 06:40 - 000745526 _____ C:\Windows\system32\perfh010.dat
2018-09-26 00:14 - 2012-02-05 06:40 - 000149754 _____ C:\Windows\system32\perfc010.dat
2018-09-26 00:14 - 2009-07-14 07:13 - 001672896 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-26 00:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-26 00:09 - 2009-07-14 07:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-24 17:52 - 2013-05-18 02:56 - 000000000 ____D C:\Users\xxxx\Documents\KeePassX
2018-09-23 18:37 - 2012-02-04 22:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-22 23:40 - 2014-12-31 12:50 - 000000000 ____D C:\Users\xxxx\AppData\Local\FluxSoftware
2018-09-22 16:41 - 2014-03-08 03:47 - 000000000 ____D C:\Users\postgres
2018-09-21 22:27 - 2014-12-26 02:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-21 22:26 - 2015-12-09 01:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-20 21:59 - 2018-07-13 03:03 - 000000000 ____D C:\Users\xxxx\Desktop\Betting
2018-09-20 21:57 - 2018-04-24 20:50 - 000000189 _____ C:\Users\xxxxe\Desktop\stream.txt
2018-09-20 21:30 - 2017-05-22 21:28 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Exodus
2018-09-20 02:07 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Local\brave
2018-09-20 02:06 - 2017-06-10 06:55 - 000002218 _____ C:\Users\xxxx\Desktop\Brave.lnk
2018-09-20 02:06 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Software
2018-09-17 23:59 - 2017-06-13 06:11 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\IOTA Wallet
2018-09-17 22:33 - 2013-07-18 01:16 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-17 22:33 - 2013-07-18 01:16 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-16 13:56 - 2018-03-14 06:22 - 000004638 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-16 13:56 - 2014-08-19 23:34 - 000000000 ____D C:\Users\xxxx\AppData\Local\Adobe
2018-09-16 13:56 - 2013-04-19 18:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-16 13:56 - 2013-04-19 18:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-16 13:56 - 2012-02-04 22:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-16 13:53 - 2013-01-01 19:37 - 000000000 ____D C:\Users\xxxx\AppData\Local\CrashDumps
2018-09-06 09:58 - 2018-03-27 04:16 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-09-05 12:02 - 2017-09-19 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-02 12:08 - 2018-05-22 23:27 - 000000000 ____D C:\Users\xxxx\Desktop\Antepost
2018-08-31 11:35 - 2016-07-03 03:07 - 000000193 _____ C:\Windows\WORDPAD.INI
2018-08-28 01:43 - 2015-12-20 08:58 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2013-09-08 17:38 - 2013-09-08 17:38 - 000000045 _____ () C:\Users\xxxx\AppData\Local\machpro.dat
2015-08-15 23:34 - 2015-08-15 23:34 - 000000000 _____ () C:\Users\xxxx\AppData\Local\{885CCFEC-505D-4D87-99D1-97E038890541}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 18:26

==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by xxxx (27-09-2018 02:07:35)
Running from C:\Users\xxxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-05 18:03:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3306969514-1186565033-3385122455-500 - Administrator - Disabled)
xxxx (S-1-5-21-3306969514-1186565033-3385122455-1000 - Administrator - Enabled) => C:\Users\xxxx
Guest (S-1-5-21-3306969514-1186565033-3385122455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3306969514-1186565033-3385122455-1002 - Limited - Enabled)
postgres (S-1-5-21-3306969514-1186565033-3385122455-1003 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.15.2.28160 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (HKLM-x32\...\WTA-0412d922-e8d6-4f3f-9326-8cb6c0847637) (Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\{0A3C7091-0D14-476A-A5B2-036EEB81488C}) (Version: 0.9.23.5302 - BlueStack Systems, Inc.)
Brave (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Brave) (Version: 0.24.0 - Brave Software)
Brave (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Brave) (Version: 0.24.0 - Brave Software)
Cake Mania (HKLM-x32\...\WTA-e1cd444b-ae0e-4d28-beb6-0b1766a3f405) (Version: 2.2.0.98 - WildTangent) Hidden
CardRunnersEV3 (HKLM-x32\...\{2F426F14-E7C7-40BE-A7C9-0A29FA7D810C}) (Version: 3.0.8 - CardRunnersEV)
Chiavetta Internet (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Chuzzle Deluxe (HKLM-x32\...\WTA-3a4c4b53-f9c4-4654-b817-405b57cc3499) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cradle of Rome 2 (HKLM-x32\...\WTA-ba10306a-2931-4fa4-8a2c-1fefa5e6e30b) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manuale (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Guida utente) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Exodus (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\exodus) (Version: 1.33.2 - Exodus Movement Inc)
Exodus (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\exodus) (Version: 1.33.2 - Exodus Movement Inc)
Farm Frenzy (HKLM-x32\...\WTA-0551a2c6-e756-4092-b1ae-ba74e9ec781b) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-ceef63c1-dc59-4b94-a3f0-96c32e00779d) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-98947379-bf5d-4e67-866b-6f59f1346ff6) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-dca2ce6f-7aef-463e-bc92-e959dc3ac61a) (Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (HKLM-x32\...\WTA-a65bb930-7177-47b1-b9b5-9bf1134ca91c) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{CAD3347B-FAC8-4E69-A6B2-DEFBE08151C0}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{8C1D6AED-1725-439F-BE4C-F6DE15EE710A}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{50F41984-B9AB-4F67-BBB6-B1DD94022ABE}) (Version: 12.9.24.3 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Insaniquarium Deluxe (HKLM-x32\...\WTA-227eab40-07fe-4ab0-bb0f-e98b09b44875) (Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-b0c49c11-876c-445e-9aca-0dd6c90c4036) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (HKLM-x32\...\WTA-fca7be2c-a745-4c2c-9677-f6fcb95e0a79) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-7f8422cb-9061-46c5-b1c7-5d940710783e) (Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lottomatica.it Poker (HKLM-x32\...\Lottomatica.it Poker ) (Version: - GTECH Corporation)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Artifacts (HKLM-x32\...\WTA-bb4813bc-c134-4f06-b832-16dd6bbd8025) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes versione 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 15.001.05.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 it)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.2.6837 - Mozilla)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-83e3948c-51c4-4ded-8ba5-03266d8edc14) (Version: 2.2.0.98 - WildTangent) Hidden
Olivetti Toolbox (HKLM\...\{C67AC571-0CEC-4C7E-AED5-E533CE4DBE88}) (Version: 002.000.0031 - Olivetti S.p.A.)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PeopleAnalyzer v0.5 (HKLM-x32\...\{0F6D1540-F873-30D4-5331-B5B46B1460A9}) (Version: 0.0.0 - UNKNOWN) Hidden
PeopleAnalyzer v0.5 (HKLM-x32\...\PeopleAnalyzer) (Version: 0.0.0 - UNKNOWN)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-cb6dfc9b-f42c-4998-be6b-fdb5a626e17b) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerKing (HKLM-x32\...\496A04E7-2038-427a-AA40-B32DDB67EC74) (Version: 16.6 - IGSoft)
PokerSnowie (HKLM-x32\...\PokerSnowie_is1) (Version: - Snowie Games Ltd)
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version: - PokerStars.es)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
PokerStars.it (HKLM-x32\...\PokerStars.it) (Version: - PokerStars.it)
PokerStrategy.com Equilab - Omaha (HKLM-x32\...\{38B746B5-44EE-4FFA-B987-581B5CF4A097}) (Version: 1.1.4.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
Polar Bowler (HKLM-x32\...\WTA-dc181f7d-3501-4ab8-9dc3-259b722724c3) (Version: 2.2.0.97 - WildTangent) Hidden
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Private Internet Access v81 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 81 - London Trust Media, Inc.)
PX Profile Update (HKLM-x32\...\{8070C698-EE73-5106-DBE4-2E2EA03A2CEC}) (Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-e0dba3d9-f4bd-404d-af10-4c76fef1d0a4) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version: - )
SIMPLE_WAY (HKLM\...\{CE581BB0-1948-4C34-9220-A9AA16E4A494}) (Version: 002.000.00012 - Olivetti S.p.A.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
SoulseekQt versione 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Stanleybet 1.0.0 (HKLM-x32\...\Stanleybet_is1) (Version: 1.0.0 - Stanleybet)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TableNinja (HKLM-x32\...\{07390157-76DC-448B-B756-6022DF5BEF7A}) (Version: 1.2.157 - ALXSoftware)
TableNinja (HKLM-x32\...\{240AED60-1548-49C6-AB90-C069C1807A57}) (Version: 1.2.164 - ALXSoftware)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Torchlight (HKLM-x32\...\WTA-fd79a69f-ad0d-4304-92f5-690042fdf09f) (Version: 2.2.0.98 - WildTangent) Hidden
Trinity 0.3.2 (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\e2e246ce-857c-53ed-b9ad-26e0668b9510) (Version: 0.3.2 - IOTA Foundation)
Trinity 0.3.2 (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\e2e246ce-857c-53ed-b9ad-26e0668b9510) (Version: 0.3.2 - IOTA Foundation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-43f02768-ea7d-4c5c-afcc-558abc5d5ab9) (Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-152b9456-af87-43c3-b981-eddd43982758) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (HKLM-x32\...\WTA-9e0b3edb-7257-47ae-8692-a0d60ae56d4e) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
Winamax (HKLM-x32\...\Winamax 3.8.1) (Version: 3.8.1 - Winamax)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma's Revenge (HKLM-x32\...\WTA-a752590f-a842-4396-b1a4-635684f37bb8) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-01-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-06] (Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {035DAF5D-56FD-4452-9A15-CB93C9AD10AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0D204CEE-419E-4500-B130-4A0F1DAC6824} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {31A7E2A8-050F-40F1-B474-095DF8D8C098} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-16] (Adobe Systems Incorporated)
Task: {4DCE3358-ED25-464F-B01D-6044D2A36A7A} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {511304BE-CE16-4940-AA46-2139E3F53ED0} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\Program Files (x86)\Chiavetta Internet\UIExec.exe [2012-06-04] ()
Task: {517844BE-736D-4429-AD0F-C89880FA062E} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-09-15] (EasyBits Software AS)
Task: {52777E0A-BC67-4F2C-9B6F-E567CCE7086A} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\9 => C:\Windows\system32\igfxpers.exe [2012-01-06] (Intel Corporation)
Task: {573314DD-DC50-4CBC-AF57-5F3422A4B7CE} - System32\Tasks\Avira\System Speedup\Delayed Startup\xxxx\1 => C:\Program Files\CCleaner\CCleaner64.exe <==== ATTENTION
Task: {5F5669D3-A39D-4A98-A9EC-76F8724ACEC9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {610777DA-D640-4EB4-B630-B34951F47762} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {709149E4-F913-44A6-8C40-C9C0D37CACC0} - System32\Tasks\{1C2001DB-7748-4638-9CCF-C87B321DD726} => C:\Windows\system32\pcalua.exe -a "C:\Users\xxxx\Downloads\vcredist_x64.exe" -d "C:\Users\xxxx\Downloads"
Task: {72DFD826-A921-43AF-8A6B-D31BD09DE196} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [2015-11-18] (Easybits)
Task: {77CAB785-C404-4B23-87FF-DF085ED43566} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\11 => C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe [2010-03-30] (Olivetti)
Task: {7BE7217E-6074-4F3E-88DE-5860679A463C} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\8 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation)
Task: {91C2174F-669C-4D9E-A200-B343E8FC6AA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {93E510A1-BFD7-4549-BEBD-AD1476C92DCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9E942FD9-4A0D-47E7-B9A1-E02D4B85E91D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-19] (Adobe Systems Incorporated)
Task: {A302EAC8-5C01-4BAB-80AD-BC72FB80D1E0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-05] (Avira Operations GmbH & Co. KG)
Task: {ADC01A9A-ACBD-492B-AD55-F0A63614799F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-22] (Avira Operations GmbH & Co. KG)
Task: {CB2FDDD9-CA81-4F32-AF39-97D8BFDC91D6} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-27] (Avira Operations GmbH & Co. KG )
Task: {CD5158BF-9184-4444-B414-B21F310CDC41} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-06-18] ()
Task: {DBD3BD75-6604-467A-A81E-6EFF24B0AA4D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\6 => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-09-07] (Hewlett-Packard Development Company, L.P.)
Task: {E0D35C64-26A1-4C81-A168-8F12164A449D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\10 => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-12-19] (Hewlett-Packard Development Company, L.P.)
Task: {E7AF822B-67E6-4B89-9D6E-BD4542A0461E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {F1FF7426-4DC2-4E29-A14D-A6C628CE5618} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-05] (Intel Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\xxxx\Documents\Cripto Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\xxxxDocuments\Cripto Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\xxxx\Documents\Cripto Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

==================== Loaded Modules (Whitelisted) ==============
2018-09-26 01:51 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-26 01:51 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-11-23 10:33 - 2012-06-04 15:14 - 000139088 _____ () C:\Program Files (x86)\Chiavetta Internet\UIExec.exe
2012-01-06 03:24 - 2012-01-06 03:24 - 000094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2018-09-20 02:06 - 2018-09-20 02:06 - 005077824 _____ () C:\Users\xxxx\AppData\Local\brave\app-0.24.0\libglesv2.dll
2018-09-20 02:06 - 2018-09-20 02:06 - 000112448 _____ () C:\Users\xxxx\AppData\Local\brave\app-0.24.0\libegl.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 000108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-03-30 02:39 - 2011-12-16 22:37 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2018-08-09 20:38 - 2018-08-09 20:36 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-09 20:38 - 2018-08-09 20:36 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-09-13 01:20 - 2017-09-13 01:20 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f203ecbdc8e8f4f836e1627efb89f9ae\IsdiInterop.ni.dll
2012-03-30 02:39 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-08 19:45 - 2014-02-18 10:11 - 000172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2014-03-08 19:46 - 2012-08-14 15:19 - 000999424 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2012-03-30 02:39 - 2011-12-16 20:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== Restore Points =========================
16-09-2018 14:37:34 Avira System Speedup Optimization
21-09-2018 22:26:39 Installazione pacchetto driver di dispositivo: TAP-Windows Provider V9 Schede di rete

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2018 01:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14 Nome del modulo che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14 Codice eccezione: 0xc0000417 Offset errore 0x0000ef7a ID processo che ha generato l'errore: 0x1a28 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f4aed20b3d Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe ID segnalazione: f18fe413-c1e7-11e8-a2c4-a0b3cc6affcc

Error: (09/27/2018 01:57:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Impossibile caricare il file del Registro di sistema delle classi. DETTAGLI - Impossibile trovare il file specificato.

Error: (09/27/2018 01:54:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (09/27/2018 01:52:35 AM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/27/2018 01:52:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbamservice.exe, versione: 3.2.0.704, timestamp: 0x5b9acf90 Nome del modulo che ha generato l'errore: SelfProtectionSdk.dll, versione: 3.0.0.360, timestamp: 0x5b995ba2 Codice eccezione: 0x40000015 Offset errore 0x000000000014e2bf ID processo che ha generato l'errore: 0xc88 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f1e088fee8 Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Percorso del modulo che ha generato l'errore: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll ID segnalazione: 3cd0dfb3-c1e7-11e8-8fcb-a0b3cc6affcc

Error: (09/27/2018 01:40:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14 Nome del modulo che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14 Codice eccezione: 0xc0000417 Offset errore 0x0000ef7a ID processo che ha generato l'errore: 0xb04 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f253388b5b Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe ID segnalazione: 998f98bb-c1e5-11e8-8fcb-a0b3cc6affcc

Error: (09/27/2018 01:40:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Impossibile caricare il file del Registro di sistema delle classi. DETTAGLI - Impossibile trovare il file specificato.

Error: (09/27/2018 01:37:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

System errors:
=============
Error: (09/27/2018 01:57:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio UI Assistant Service non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (09/27/2018 01:57:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della connessione del servizio UI Assistant Service.

Error: (09/27/2018 01:40:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio UI Assistant Service non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (09/27/2018 01:40:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della connessione del servizio UI Assistant Service.


Error: (09/27/2018 01:35:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Application Virtualization Client. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Client Virtualization Handler. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio HP Software Framework Service. Questo evento si è già verificato 1 volta(e).

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 6040.36 MB
Available physical RAM: 2508.64 MB
Total Virtual: 12078.9 MB
Available Virtual: 7194.16 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:575.97 GB) (Free:446.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:19.9 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

\\?\Volume{37114ac4-7a09-11e1-9b5e-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 1091B511)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=576 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
  7. No problem I understand, thank you for help

Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/27/18
Scan Time: 12:15 AM
Log File: bbb1290c-c1d9-11e8-8edd-00ff99b9279a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7031
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: xxx\xxx

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 523807
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 7 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Adw-Cleaner (C00)

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-27-2018
# Duration: 00:00:06
# OS: Windows 7 Home Premium
# Cleaned: 20
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Yahoo!\yset
Deleted C:\_acestream_cache_
Deleted C:\Users\xxxx\AppData\LocalLow\.acestream
Deleted C:\Users\xxxx\AppData\Roaming\.acestream
Deleted C:\Users\xxxx\AppData\Roaming\acestream
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted C:\Users\xxxx\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKCU\Software\Classes\acestream
Deleted HKCU\Software\RegisteredApplications|AceStream
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

***** [ Chromium (and derivatives) ] *****

Deleted AS Magic Player
Deleted Avira SafeSearch Plus
Deleted Ricerca e nuova scheda di Yahoo

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3002 octets] - [27/09/2018 01:34:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

AdwCleaner (S00)

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-27-2018
# Duration: 00:00:55
# OS: Windows 7 Home Premium
# Scanned: 42059
# Detected: 20

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\yset
PUP.Optional.Legacy C:\_acestream_cache_
PUP.Optional.Legacy C:\Users\xxxxx\AppData\LocalLow\.acestream
PUP.Optional.Legacy C:\Users\xxxxx\AppData\Roaming\.acestream
PUP.Optional.Legacy C:\Users\xxxxx\AppData\Roaming\acestream
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy C:\Users\xxxxx\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Elex HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Adware.Elex HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream
PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

***** [ Chromium (and derivatives) ] *****

PUP.Optional.ASMagicPlayer AS Magic Player
PUP.Optional.Legacy Avira SafeSearch Plus
PUP.Optional.Legacy Ricerca e nuova scheda di Yahoo

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
Ran by xxxx (administrator) on XXXX (27-09-2018 02:03:53)
Running from C:\Users\xxxx\Desktop
Loaded Profiles: xxxx & postgres & (Available Profiles: xxxx & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: "C:\Users\xxxx\AppData\Local\brave\Brave.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(f.lux Software LLC) C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\Chiavetta Internet\UIExec.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Olivetti) C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Olivetti) C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe
(Brave Software) C:\Users\xxxx\AppData\Local\brave\app-0.24.0\Brave.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-07-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-07-03] (IDT, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Run: [f.lux] => C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Run: [f.lux] => C:\Users\xxxx\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Policies\system: [DisableLockWorkstation] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25A6B85C-51CC-4632-AA37-87EC0295E934}: [NameServer] 62.13.169.94 62.13.169.95
Tcpip\..\Interfaces\{817FC5DE-8662-4430-8853-2500A5AB1566}: [NameServer] 85.62.229.133 85.62.229.134
Tcpip\..\Interfaces\{99B9279A-2BCE-4752-8E5F-C01A41581A60}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{FADD651E-26A5-4836-9D57-19737FEFD13B}: [NameServer] 85.62.229.133 85.62.229.134
Tcpip\..\Interfaces\{FEE9EF04-C678-424B-B7C1-F50F050EA1B6}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{FEE9EF04-C678-424B-B7C1-F50F050EA1B6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-3306969514-1186565033-3385122455-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3306969514-1186565033-3385122455-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020235130] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {B38851AA-5FE9-4DB3-BD86-29AC8C45E50D} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {9AF7CAE5-A219-4902-9504-0C836B4D10C6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {B38851AA-5FE9-4DB3-BD86-29AC8C45E50D} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-20] (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Technologies)

FireFox:
========
FF DefaultProfile: ypq4xgrd.default-1477251019019-1514662844198
FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198 [2018-09-26]
FF Extension: (Firefox Monitor) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198\features\{77fa4c5d-c5bc-4849-9b4a-3b522b5d179f}\fxmonitor@mozilla.org.xpi [2018-09-25]
FF Extension: (Telemetry coverage) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypq4xgrd.default-1477251019019-1514662844198\features\{77fa4c5d-c5bc-4849-9b4a-3b522b5d179f}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-09] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\xxxx\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-09] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default [2018-09-17]
CHR Extension: (Documenti) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (Ledger Manager) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-15]
CHR Extension: (YouTube) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Sicurezza browser Avira) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-07-07]
CHR Extension: (Documenti Google offline) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2018-08-15]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-08-15]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-15]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
CHR Extension: (Yahoo Partner) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2018-07-07]
CHR Extension: (Gmail) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-17]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [338888 2018-08-14] (Avira Operations GmbH & Co. KG)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-04-15] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-04-15] (BlueStack Systems, Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 olMntrService; C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe [157696 2010-03-30] (Olivetti) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S2 UI Assistant Service; C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe [261456 2012-06-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 postgresql-8.4; "C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-09] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-04-15] (BlueStack Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-06-05] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2012-06-05] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-27] (Malwarebytes)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (The OpenVPN Project)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-07-17] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123264 2011-05-01] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-05-01] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-27 02:03 - 2018-09-27 02:06 - 000029912 _____ C:\Users\xxxx\Desktop\FRST.txt
2018-09-27 02:03 - 2018-09-27 02:03 - 000000000 ____D C:\FRST
2018-09-27 02:00 - 2018-09-27 02:00 - 002414080 _____ (Farbar) C:\Users\xxxx\Desktop\FRST64.exe
2018-09-27 01:55 - 2018-09-27 01:55 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-27 01:55 - 2018-09-27 01:55 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-27 01:55 - 2018-09-27 01:55 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-27 01:54 - 2018-09-27 01:54 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-27 01:48 - 2018-09-27 01:50 - 000000000 ____D C:\Users\xxxx\Desktop\mb
2018-09-27 01:31 - 2018-09-27 01:34 - 000000000 ____D C:\AdwCleaner
2018-09-27 01:29 - 2018-09-27 01:30 - 007592144 _____ (Malwarebytes) C:\Users\xxxx\Desktop\adwcleaner_7.2.4.0.exe
2018-09-26 03:59 - 2018-09-26 03:59 - 000001536 _____ C:\Users\xxxx\Desktop\11.txt
2018-09-26 01:52 - 2018-09-26 01:52 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-26 01:52 - 2018-09-26 01:52 - 000000000 ____D C:\Users\xxxx\AppData\Local\mbamtray
2018-09-26 01:52 - 2018-09-26 01:52 - 000000000 ____D C:\Users\xxxx\AppData\Local\mbam
2018-09-26 01:51 - 2018-09-26 01:51 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-26 01:51 - 2018-09-26 01:51 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-26 01:51 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-26 01:48 - 2018-09-26 01:50 - 080022264 _____ (Malwarebytes ) C:\Users\xxxx\Desktop\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
2018-09-25 17:56 - 2018-09-25 17:56 - 000218129 _____ C:\Users\xxxx\Desktop\h2testw_1.4.zip
2018-09-25 17:56 - 2018-09-25 17:56 - 000000000 ____D C:\Users\xxxx\Desktop\h2testw_1.4
2018-09-22 23:40 - 2018-09-22 23:40 - 000832912 _____ C:\Users\xxxx\Desktop\flux-setup.exe
2018-09-22 04:06 - 2018-09-22 04:08 - 000000000 ____D C:\Users\xxxx\Desktop\1990 Repulsion (demo)
2018-09-21 23:24 - 2018-09-21 23:48 - 000000000 ____D C:\Users\xxxx\AppData\Local\SoulseekQt
2018-09-21 23:15 - 2018-09-25 06:47 - 000000000 ____D C:\Users\xxxx\Desktop\soulseek download
2018-09-21 23:08 - 2018-09-21 23:08 - 000000995 _____ C:\Users\Public\Desktop\SoulseekQt.lnk
2018-09-21 23:08 - 2018-09-21 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2018-09-21 23:08 - 2018-09-21 23:08 - 000000000 ____D C:\Program Files (x86)\SoulseekQt
2018-09-21 23:07 - 2018-09-21 23:07 - 007050026 _____ (Soulseek LLC ) C:\Users\xxxx\Desktop\SoulseekQt-2017-2-20.exe
2018-09-21 22:29 - 2018-09-21 22:29 - 000003244 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2018-09-21 22:29 - 2018-09-21 22:29 - 000000000 ____D C:\Users\xxxx\AppData\Local\PrivateInternetAccess
2018-09-21 22:26 - 2018-09-24 22:25 - 000000892 _____ C:\Users\xxxxe\Desktop\Private Internet Access.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000910 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000878 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-09-21 22:26 - 2018-09-21 22:26 - 000000863 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-09-21 22:25 - 2018-09-21 22:29 - 000000000 ____D C:\Program Files\pia_manager
2018-09-21 22:25 - 2018-01-30 13:19 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2018-09-21 22:20 - 2018-09-21 22:24 - 053057968 _____ (London Trust Media, Inc. ) C:\Users\xxxx\Documents\pia-v81-installer-win.exe
2018-09-19 01:27 - 2018-09-19 01:27 - 000000000 _____ C:\Users\xxxx\Desktop\Tu fai sempre la scelta migliore di altri.txt
2018-09-16 14:47 - 2018-09-26 00:25 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 02:48 - 2018-09-13 02:49 - 000000054 _____ C:\Users\xxxx\Desktop\il poker non è una gara o una sfida vs qualcuno, sei sempre e solo con te stesso.txt
2018-09-02 11:56 - 2018-09-02 11:56 - 000000000 _____ C:\Users\xxxx\Desktop\intralot 16,48.txt
2018-08-30 06:29 - 2018-09-20 21:58 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Trinity
2018-08-30 06:29 - 2018-08-30 06:29 - 000002429 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trinity.lnk
2018-08-30 06:29 - 2018-08-30 06:29 - 000002421 _____ C:\Users\xxxx\Desktop\Trinity.lnk
2018-08-30 06:27 - 2018-08-30 06:28 - 046430480 _____ (IOTA Foundation) C:\Users\xxxx\Documents\trinity-desktop-0.3.2.exe
2018-08-28 01:43 - 2018-08-28 01:43 - 000001076 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-27 02:06 - 2017-09-19 05:19 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-27 02:06 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\brave
2018-09-27 02:04 - 2009-07-14 06:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-27 02:04 - 2009-07-14 06:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-27 01:54 - 2013-06-03 00:36 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-09-27 01:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-27 01:35 - 2015-11-14 23:48 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2018-09-26 23:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2018-09-26 07:18 - 2013-01-19 21:34 - 000000000 ____D C:\Users\xxxxAppData\Roaming\vlc
2018-09-26 06:48 - 2016-11-18 12:01 - 000000000 ____D C:\Users\xxxx\AppData\LocalLow\Mozilla
2018-09-26 04:17 - 2017-06-21 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-26 04:17 - 2012-12-18 02:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-26 04:15 - 2018-01-31 12:56 - 000250150 _____ C:\Users\xxxx\Desktop\Nuovo documento di testo (2).txt
2018-09-26 00:14 - 2012-02-05 06:40 - 000745526 _____ C:\Windows\system32\perfh010.dat
2018-09-26 00:14 - 2012-02-05 06:40 - 000149754 _____ C:\Windows\system32\perfc010.dat
2018-09-26 00:14 - 2009-07-14 07:13 - 001672896 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-26 00:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-26 00:09 - 2009-07-14 07:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-24 17:52 - 2013-05-18 02:56 - 000000000 ____D C:\Users\xxxx\Documents\KeePassX
2018-09-23 18:37 - 2012-02-04 22:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-22 23:40 - 2014-12-31 12:50 - 000000000 ____D C:\Users\xxxx\AppData\Local\FluxSoftware
2018-09-22 16:41 - 2014-03-08 03:47 - 000000000 ____D C:\Users\postgres
2018-09-21 22:27 - 2014-12-26 02:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-21 22:26 - 2015-12-09 01:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-20 21:59 - 2018-07-13 03:03 - 000000000 ____D C:\Users\xxxx\Desktop\Betting
2018-09-20 21:57 - 2018-04-24 20:50 - 000000189 _____ C:\Users\xxxxe\Desktop\stream.txt
2018-09-20 21:30 - 2017-05-22 21:28 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Exodus
2018-09-20 02:07 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Local\brave
2018-09-20 02:06 - 2017-06-10 06:55 - 000002218 _____ C:\Users\xxxx\Desktop\Brave.lnk
2018-09-20 02:06 - 2017-06-10 06:55 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Software
2018-09-17 23:59 - 2017-06-13 06:11 - 000000000 ____D C:\Users\xxxx\AppData\Roaming\IOTA Wallet
2018-09-17 22:33 - 2013-07-18 01:16 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-17 22:33 - 2013-07-18 01:16 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-16 13:56 - 2018-03-14 06:22 - 000004638 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-16 13:56 - 2014-08-19 23:34 - 000000000 ____D C:\Users\xxxx\AppData\Local\Adobe
2018-09-16 13:56 - 2013-04-19 18:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-16 13:56 - 2013-04-19 18:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-16 13:56 - 2012-02-04 22:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-16 13:53 - 2013-01-01 19:37 - 000000000 ____D C:\Users\xxxx\AppData\Local\CrashDumps
2018-09-06 09:58 - 2018-03-27 04:16 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-09-05 12:02 - 2017-09-19 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-02 12:08 - 2018-05-22 23:27 - 000000000 ____D C:\Users\xxxx\Desktop\Antepost
2018-08-31 11:35 - 2016-07-03 03:07 - 000000193 _____ C:\Windows\WORDPAD.INI
2018-08-28 01:43 - 2015-12-20 08:58 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2013-09-08 17:38 - 2013-09-08 17:38 - 000000045 _____ () C:\Users\xxxx\AppData\Local\machpro.dat
2015-08-15 23:34 - 2015-08-15 23:34 - 000000000 _____ () C:\Users\xxxx\AppData\Local\{885CCFEC-505D-4D87-99D1-97E038890541}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 18:26

==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by xxxx (27-09-2018 02:07:35)
Running from C:\Users\xxxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-05 18:03:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3306969514-1186565033-3385122455-500 - Administrator - Disabled)
xxxx (S-1-5-21-3306969514-1186565033-3385122455-1000 - Administrator - Enabled) => C:\Users\xxxx
Guest (S-1-5-21-3306969514-1186565033-3385122455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3306969514-1186565033-3385122455-1002 - Limited - Enabled)
postgres (S-1-5-21-3306969514-1186565033-3385122455-1003 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.15.2.28160 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (HKLM-x32\...\WTA-0412d922-e8d6-4f3f-9326-8cb6c0847637) (Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\{0A3C7091-0D14-476A-A5B2-036EEB81488C}) (Version: 0.9.23.5302 - BlueStack Systems, Inc.)
Brave (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\Brave) (Version: 0.24.0 - Brave Software)
Brave (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\Brave) (Version: 0.24.0 - Brave Software)
Cake Mania (HKLM-x32\...\WTA-e1cd444b-ae0e-4d28-beb6-0b1766a3f405) (Version: 2.2.0.98 - WildTangent) Hidden
CardRunnersEV3 (HKLM-x32\...\{2F426F14-E7C7-40BE-A7C9-0A29FA7D810C}) (Version: 3.0.8 - CardRunnersEV)
Chiavetta Internet (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Chuzzle Deluxe (HKLM-x32\...\WTA-3a4c4b53-f9c4-4654-b817-405b57cc3499) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cradle of Rome 2 (HKLM-x32\...\WTA-ba10306a-2931-4fa4-8a2c-1fefa5e6e30b) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manuale (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Guida utente) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Exodus (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\exodus) (Version: 1.33.2 - Exodus Movement Inc)
Exodus (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\exodus) (Version: 1.33.2 - Exodus Movement Inc)
Farm Frenzy (HKLM-x32\...\WTA-0551a2c6-e756-4092-b1ae-ba74e9ec781b) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-ceef63c1-dc59-4b94-a3f0-96c32e00779d) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-98947379-bf5d-4e67-866b-6f59f1346ff6) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-dca2ce6f-7aef-463e-bc92-e959dc3ac61a) (Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (HKLM-x32\...\WTA-a65bb930-7177-47b1-b9b5-9bf1134ca91c) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{CAD3347B-FAC8-4E69-A6B2-DEFBE08151C0}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{8C1D6AED-1725-439F-BE4C-F6DE15EE710A}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{50F41984-B9AB-4F67-BBB6-B1DD94022ABE}) (Version: 12.9.24.3 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Insaniquarium Deluxe (HKLM-x32\...\WTA-227eab40-07fe-4ab0-bb0f-e98b09b44875) (Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-b0c49c11-876c-445e-9aca-0dd6c90c4036) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (HKLM-x32\...\WTA-fca7be2c-a745-4c2c-9677-f6fcb95e0a79) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-7f8422cb-9061-46c5-b1c7-5d940710783e) (Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lottomatica.it Poker (HKLM-x32\...\Lottomatica.it Poker ) (Version: - GTECH Corporation)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Artifacts (HKLM-x32\...\WTA-bb4813bc-c134-4f06-b832-16dd6bbd8025) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes versione 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 15.001.05.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 it)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.2.6837 - Mozilla)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-83e3948c-51c4-4ded-8ba5-03266d8edc14) (Version: 2.2.0.98 - WildTangent) Hidden
Olivetti Toolbox (HKLM\...\{C67AC571-0CEC-4C7E-AED5-E533CE4DBE88}) (Version: 002.000.0031 - Olivetti S.p.A.)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PeopleAnalyzer v0.5 (HKLM-x32\...\{0F6D1540-F873-30D4-5331-B5B46B1460A9}) (Version: 0.0.0 - UNKNOWN) Hidden
PeopleAnalyzer v0.5 (HKLM-x32\...\PeopleAnalyzer) (Version: 0.0.0 - UNKNOWN)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-cb6dfc9b-f42c-4998-be6b-fdb5a626e17b) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerKing (HKLM-x32\...\496A04E7-2038-427a-AA40-B32DDB67EC74) (Version: 16.6 - IGSoft)
PokerSnowie (HKLM-x32\...\PokerSnowie_is1) (Version: - Snowie Games Ltd)
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version: - PokerStars.es)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
PokerStars.it (HKLM-x32\...\PokerStars.it) (Version: - PokerStars.it)
PokerStrategy.com Equilab - Omaha (HKLM-x32\...\{38B746B5-44EE-4FFA-B987-581B5CF4A097}) (Version: 1.1.4.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
Polar Bowler (HKLM-x32\...\WTA-dc181f7d-3501-4ab8-9dc3-259b722724c3) (Version: 2.2.0.97 - WildTangent) Hidden
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Private Internet Access v81 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 81 - London Trust Media, Inc.)
PX Profile Update (HKLM-x32\...\{8070C698-EE73-5106-DBE4-2E2EA03A2CEC}) (Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-e0dba3d9-f4bd-404d-af10-4c76fef1d0a4) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version: - )
SIMPLE_WAY (HKLM\...\{CE581BB0-1948-4C34-9220-A9AA16E4A494}) (Version: 002.000.00012 - Olivetti S.p.A.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
SoulseekQt versione 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Stanleybet 1.0.0 (HKLM-x32\...\Stanleybet_is1) (Version: 1.0.0 - Stanleybet)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TableNinja (HKLM-x32\...\{07390157-76DC-448B-B756-6022DF5BEF7A}) (Version: 1.2.157 - ALXSoftware)
TableNinja (HKLM-x32\...\{240AED60-1548-49C6-AB90-C069C1807A57}) (Version: 1.2.164 - ALXSoftware)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Torchlight (HKLM-x32\...\WTA-fd79a69f-ad0d-4304-92f5-690042fdf09f) (Version: 2.2.0.98 - WildTangent) Hidden
Trinity 0.3.2 (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\...\e2e246ce-857c-53ed-b9ad-26e0668b9510) (Version: 0.3.2 - IOTA Foundation)
Trinity 0.3.2 (HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\...\e2e246ce-857c-53ed-b9ad-26e0668b9510) (Version: 0.3.2 - IOTA Foundation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-43f02768-ea7d-4c5c-afcc-558abc5d5ab9) (Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-152b9456-af87-43c3-b981-eddd43982758) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (HKLM-x32\...\WTA-9e0b3edb-7257-47ae-8692-a0d60ae56d4e) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
Winamax (HKLM-x32\...\Winamax 3.8.1) (Version: 3.8.1 - Winamax)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma's Revenge (HKLM-x32\...\WTA-a752590f-a842-4396-b1a4-635684f37bb8) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-01-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-06] (Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035DAF5D-56FD-4452-9A15-CB93C9AD10AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0D204CEE-419E-4500-B130-4A0F1DAC6824} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {31A7E2A8-050F-40F1-B474-095DF8D8C098} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-16] (Adobe Systems Incorporated)
Task: {4DCE3358-ED25-464F-B01D-6044D2A36A7A} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {511304BE-CE16-4940-AA46-2139E3F53ED0} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\Program Files (x86)\Chiavetta Internet\UIExec.exe [2012-06-04] ()
Task: {517844BE-736D-4429-AD0F-C89880FA062E} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-09-15] (EasyBits Software AS)
Task: {52777E0A-BC67-4F2C-9B6F-E567CCE7086A} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\9 => C:\Windows\system32\igfxpers.exe [2012-01-06] (Intel Corporation)
Task: {573314DD-DC50-4CBC-AF57-5F3422A4B7CE} - System32\Tasks\Avira\System Speedup\Delayed Startup\xxxx\1 => C:\Program Files\CCleaner\CCleaner64.exe <==== ATTENTION
Task: {5F5669D3-A39D-4A98-A9EC-76F8724ACEC9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {610777DA-D640-4EB4-B630-B34951F47762} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {709149E4-F913-44A6-8C40-C9C0D37CACC0} - System32\Tasks\{1C2001DB-7748-4638-9CCF-C87B321DD726} => C:\Windows\system32\pcalua.exe -a "C:\Users\xxxx\Downloads\vcredist_x64.exe" -d "C:\Users\xxxx\Downloads"
Task: {72DFD826-A921-43AF-8A6B-D31BD09DE196} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [2015-11-18] (Easybits)
Task: {77CAB785-C404-4B23-87FF-DF085ED43566} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\11 => C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe [2010-03-30] (Olivetti)
Task: {7BE7217E-6074-4F3E-88DE-5860679A463C} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\8 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation)
Task: {91C2174F-669C-4D9E-A200-B343E8FC6AA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {93E510A1-BFD7-4549-BEBD-AD1476C92DCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9E942FD9-4A0D-47E7-B9A1-E02D4B85E91D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-19] (Adobe Systems Incorporated)
Task: {A302EAC8-5C01-4BAB-80AD-BC72FB80D1E0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-05] (Avira Operations GmbH & Co. KG)
Task: {ADC01A9A-ACBD-492B-AD55-F0A63614799F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-22] (Avira Operations GmbH & Co. KG)
Task: {CB2FDDD9-CA81-4F32-AF39-97D8BFDC91D6} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-27] (Avira Operations GmbH & Co. KG )
Task: {CD5158BF-9184-4444-B414-B21F310CDC41} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-06-18] ()
Task: {DBD3BD75-6604-467A-A81E-6EFF24B0AA4D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\6 => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-09-07] (Hewlett-Packard Development Company, L.P.)
Task: {E0D35C64-26A1-4C81-A168-8F12164A449D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\10 => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-12-19] (Hewlett-Packard Development Company, L.P.)
Task: {E7AF822B-67E6-4B89-9D6E-BD4542A0461E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {F1FF7426-4DC2-4E29-A14D-A6C628CE5618} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-05] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\xxxx\Documents\Cripto Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\xxxxDocuments\Cripto Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\xxxx\Documents\Cripto Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\xxxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

==================== Loaded Modules (Whitelisted) ==============

2018-09-26 01:51 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-26 01:51 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-11-23 10:33 - 2012-06-04 15:14 - 000139088 _____ () C:\Program Files (x86)\Chiavetta Internet\UIExec.exe
2012-01-06 03:24 - 2012-01-06 03:24 - 000094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2018-09-20 02:06 - 2018-09-20 02:06 - 005077824 _____ () C:\Users\xxxx\AppData\Local\brave\app-0.24.0\libglesv2.dll
2018-09-20 02:06 - 2018-09-20 02:06 - 000112448 _____ () C:\Users\xxxx\AppData\Local\brave\app-0.24.0\libegl.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 000108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-03-30 02:39 - 2011-12-16 22:37 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2018-08-09 20:38 - 2018-08-09 20:36 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-09 20:38 - 2018-08-09 20:36 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-09-13 01:20 - 2017-09-13 01:20 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f203ecbdc8e8f4f836e1627efb89f9ae\IsdiInterop.ni.dll
2012-03-30 02:39 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-08 19:45 - 2014-02-18 10:11 - 000172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2014-03-08 19:46 - 2012-08-14 15:19 - 000999424 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2012-03-30 02:39 - 2011-12-16 20:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
HKU\S-1-5-21-3306969514-1186565033-3385122455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09272018020230433\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{88A81E2D-2232-4643-AD90-04A7FEE4E112}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{396B9029-1CEB-4292-8846-254EC7A4F18A}] => (Allow) LPort=2869
FirewallRules: [{04B71655-F1C7-41A6-87F5-81E889F74EAD}] => (Allow) LPort=1900
FirewallRules: [{7AC1D74C-ED47-4A1F-A2C8-384090028642}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A13D0AFE-35A7-4483-BCF2-D11C61E4C314}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{BF8B5D79-834F-4FBE-9C2B-BD637B78FCC4}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{FADB89FF-1BD8-4A84-B2CD-85C62D8EF1AB}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [TCP Query User{61B1F67E-8902-429A-B8E8-11FE756045C1}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{345C3EA4-7607-46BF-9AAA-905C3F548F67}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{E05D2792-3ACC-4469-A101-BFFD0A825644}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{CD303E86-C9DD-43CC-BC70-6E1CA542F426}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{A91970C9-FCC2-4203-BD6D-44AAC49AF5A9}C:\ayconspoker\aycons.exe] => (Allow) C:\ayconspoker\aycons.exe
FirewallRules: [UDP Query User{E826EA11-D3C0-434B-B3C1-CF5FF69A71C3}C:\ayconspoker\aycons.exe] => (Allow) C:\ayconspoker\aycons.exe
FirewallRules: [{E86EB403-65AE-4DEA-A86F-59D54356136B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B502DCF-6FF8-4120-B020-6D716CCFED20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{15C25F59-8FF1-4216-9E78-D82B80D3E507}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{88A05EB6-721F-4CEE-AF84-5355F487341B}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{57E4602D-0857-4DDD-936B-6EC5A69C69FB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2B8D6E2F-21E6-4436-B6E1-ADD1F81107C3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{1FCAEFE0-86D7-463C-9857-9F26EE945DBC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A079CAF3-9226-48C7-8F10-D1FD3BE0630B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{3416BED3-9ABB-4F3A-A211-EA1E0F78B642}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{02E7F9D8-234D-49A5-9C2E-69C87C9C5669}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{24F04C18-7A39-4DB6-AA8D-AD3A95A42D04}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [UDP Query User{4D25D901-5859-42C4-884A-8166D255A20A}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [TCP Query User{8B1EC6F3-D6AC-475E-96D3-115D6980B4A6}C:\misterpoker\misterpoker.exe] => (Allow) C:\misterpoker\misterpoker.exe
FirewallRules: [UDP Query User{BF00ACB0-AB1B-4723-92F2-DB78CCC88E17}C:\misterpoker\misterpoker.exe] => (Allow) C:\misterpoker\misterpoker.exe
FirewallRules: [{FC7AABD8-50E7-4D61-A959-A08E35B98E2A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{4D28583C-876A-4C6D-B9C2-9034CD7408D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0CA3527-7EF5-4EE4-8B04-9A598F2BF2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BBE54853-558D-4748-BCE0-5765F427B9F5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8659694A-01CA-43E5-AD30-AB289DAD9477}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FB4FFE6B-A8E3-4319-97CA-96C643D3422C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DE34F36E-D9ED-455F-B709-6220B8977EDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5E69BC9-0687-4C39-BD2A-4752A1BCC8DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3DD6C3E0-66D7-46EC-8150-FB063F15E6D6}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{10CF1E83-6BC4-43D8-AC01-64200381C6A5}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [TCP Query User{CB0D596F-E097-4366-B5D1-2EA05A8F479E}C:\misterpoker\misterpoker.exe] => (Block) C:\misterpoker\misterpoker.exe
FirewallRules: [UDP Query User{4AADEA4C-1109-45D5-B0C0-6050FB0BAD3B}C:\misterpoker\misterpoker.exe] => (Block) C:\misterpoker\misterpoker.exe
FirewallRules: [TCP Query User{928B28DE-18C7-42A3-A84C-4A91B49A74B9}C:\intralot\intralotpoker.exe] => (Allow) C:\intralot\intralotpoker.exe
FirewallRules: [UDP Query User{9C671795-7C7A-4C6E-95EA-87115C12242A}C:\intralot\intralotpoker.exe] => (Allow) C:\intralot\intralotpoker.exe
FirewallRules: [TCP Query User{67E316BF-0F33-4EAD-A0DE-7F219C4B5D26}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [UDP Query User{FF75DFF2-37E3-46F5-9082-01FB447B6E89}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [TCP Query User{E8D76544-C6D5-4578-9C18-2653AFA9BA8A}C:\roombet\roombet.exe] => (Block) C:\roombet\roombet.exe
FirewallRules: [UDP Query User{C701E07F-6990-4312-ABCC-B39334693727}C:\roombet\roombet.exe] => (Block) C:\roombet\roombet.exe
FirewallRules: [TCP Query User{7D7E7E80-D47F-419A-9962-94430B99B3B8}C:\intralot\intralotpoker.exe] => (Block) C:\intralot\intralotpoker.exe
FirewallRules: [UDP Query User{E669A9EF-E391-45E5-AA22-E2DD38A9AD10}C:\intralot\intralotpoker.exe] => (Block) C:\intralot\intralotpoker.exe
FirewallRules: [TCP Query User{B8E9E3B8-A78B-4758-A31F-7D91FBFECBD8}C:\stanleybetpoker\stanleybet.exe] => (Allow) C:\stanleybetpoker\stanleybet.exe
FirewallRules: [UDP Query User{5DE8244D-7DF1-480C-A3F4-556144E4821E}C:\stanleybetpoker\stanleybet.exe] => (Allow) C:\stanleybetpoker\stanleybet.exe
FirewallRules: [TCP Query User{32C72BC9-D0D1-4E50-B311-896A15C11124}C:\stanleybetpoker\stanleybet.exe] => (Allow) C:\stanleybetpoker\stanleybet.exe
FirewallRules: [UDP Query User{2E3E2207-9A72-4CEB-94DC-248C016A909E}C:\stanleybetpoker\stanleybet.exe] => (Allow) C:\stanleybetpoker\stanleybet.exe
FirewallRules: [TCP Query User{56F1BAC7-86E7-4412-8795-692FEFE13561}C:\users\xxxx\documents\downloads\antsharescore-gui-v1.6.6353.39367\antsharescore\antsharesui.exe] => (Block) C:\users\xxxx\documents\downloads\antsharescore-gui-v1.6.6353.39367\antsharescore\antsharesui.exe
FirewallRules: [UDP Query User{218B65E1-27B3-4FC3-B340-70ADD0E84040}C:\users\xxxx\documents\downloads\antsharescore-gui-v1.6.6353.39367\antsharescore\antsharesui.exe] => (Block) C:\users\xxxx\documents\downloads\antsharescore-gui-v1.6.6353.39367\antsharescore\antsharesui.exe
FirewallRules: [TCP Query User{0928AB8A-5DF5-46EB-AE04-855F5C402469}C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [UDP Query User{5F000C08-A357-4089-9C55-8F74009305B1}C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [TCP Query User{E52034FF-8770-417A-A4E0-936E84F99A1D}C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Block) C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [UDP Query User{DC40CBFA-A037-441C-83BB-4115E6302084}C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Block) C:\users\xxxx\desktop\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [TCP Query User{4297E47F-8EA7-4C3B-A5D0-BB0F198529BA}C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [UDP Query User{895F8656-3E72-4195-BF05-A69A3CA52EF3}C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [TCP Query User{749E7C99-9366-4520-BA1B-D87111E0155A}C:\users\xxxx\documents\downloads\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Block) C:\users\xxxx\documents\downloads\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe
FirewallRules: [UDP Query User{F9AC9FBB-2204-4E76-8AED-B71042912B01}C:\users\xxxx\documents\downloads\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Block) C:\users\xxxx\documents\downloads\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe
FirewallRules: [TCP Query User{71DE8E49-03D2-41E9-BA1B-3BE92953FC4F}C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [UDP Query User{F80EFB1B-8FC1-42E8-A96B-AF8F4B9059A2}C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe] => (Allow) C:\users\xxxx\desktop\wall\sia-ui-v1.2.2-win32-x64\resources\app\sia\siad.exe
FirewallRules: [TCP Query User{6C691DF4-8C7D-4115-88BB-EE74D0FEE7BD}C:\users\xxxx\appdata\local\bisq\bisq.exe] => (Allow) C:\users\xxxx\appdata\local\bisq\bisq.exe
FirewallRules: [UDP Query User{C1F184A0-F0DA-4069-8594-0D0875351DFE}C:\users\xxxx\appdata\local\bisq\bisq.exe] => (Allow) C:\users\xxxx\appdata\local\bisq\bisq.exe
FirewallRules: [{F473CDCD-4694-444D-8FDF-3C471FE2551F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2274198C-74AD-46CD-B086-80B469D44C83}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2B851557-0C84-4E6D-A2DF-F1335A034276}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{D2A7DC18-0E9D-40BE-9EDB-2B72FA905247}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{0F5BCF26-A7ED-47DF-BA45-F6876E4F3CE0}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

==================== Restore Points =========================

16-09-2018 14:37:34 Avira System Speedup Optimization
21-09-2018 22:26:39 Installazione pacchetto driver di dispositivo: TAP-Windows Provider V9 Schede di rete

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2018 01:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14
Nome del modulo che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14
Codice eccezione: 0xc0000417
Offset errore 0x0000ef7a
ID processo che ha generato l'errore: 0x1a28
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f4aed20b3d
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe
ID segnalazione: f18fe413-c1e7-11e8-a2c4-a0b3cc6affcc

Error: (09/27/2018 01:57:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Impossibile caricare il file del Registro di sistema delle classi.
DETTAGLI - Impossibile trovare il file specificato.

Error: (09/27/2018 01:54:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (09/27/2018 01:52:35 AM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/27/2018 01:52:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbamservice.exe, versione: 3.2.0.704, timestamp: 0x5b9acf90
Nome del modulo che ha generato l'errore: SelfProtectionSdk.dll, versione: 3.0.0.360, timestamp: 0x5b995ba2
Codice eccezione: 0x40000015
Offset errore 0x000000000014e2bf
ID processo che ha generato l'errore: 0xc88
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f1e088fee8
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Percorso del modulo che ha generato l'errore: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID segnalazione: 3cd0dfb3-c1e7-11e8-8fcb-a0b3cc6affcc

Error: (09/27/2018 01:40:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14
Nome del modulo che ha generato l'errore: AssistantServices.exe, versione: 0.0.0.0, timestamp: 0x4dd31a14
Codice eccezione: 0xc0000417
Offset errore 0x0000ef7a
ID processo che ha generato l'errore: 0xb04
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d455f253388b5b
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Chiavetta Internet\AssistantServices.exe
ID segnalazione: 998f98bb-c1e5-11e8-8fcb-a0b3cc6affcc

Error: (09/27/2018 01:40:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Impossibile caricare il file del Registro di sistema delle classi.
DETTAGLI - Impossibile trovare il file specificato.

Error: (09/27/2018 01:37:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

System errors:
=============
Error: (09/27/2018 01:57:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio UI Assistant Service non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (09/27/2018 01:57:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della connessione del servizio UI Assistant Service.

Error: (09/27/2018 01:40:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio UI Assistant Service non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (09/27/2018 01:40:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della connessione del servizio UI Assistant Service.
Error: (09/27/2018 01:35:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Application Virtualization Client. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Client Virtualization Handler. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2018 01:35:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio HP Software Framework Service. Questo evento si è già verificato 1 volta(e).

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 6040.36 MB
Available physical RAM: 2508.64 MB
Total Virtual: 12078.9 MB
Available Virtual: 7194.16 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:575.97 GB) (Free:446.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:19.9 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

\\?\Volume{37114ac4-7a09-11e1-9b5e-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 1091B511)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=576 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
  8. Thanks for the help. I always get this advice (sent PM yesterday). *** We’re sorry but our system has detected wording in your post consistent with spam, It may be by accident, please try changing the wording and try to post again. If you’re still unable to, then please contact our Helpdesk at the following link:
  9. Hi, Today on startup the CPU fan started working very hard on my laptop (really strange). After a few minutes "windows defender" told me to check some new files in C:\windows\system32 (screenshot in attachment). https://i.imgur.com/dhtbBnf.png What should I do? I'm not an expert in these things and I just want to make sure my notebook is ok.... I always take care about my activity, but a few days ago I started downloading some music and maybe I got some virus or malware, I guess. Also today I checked a new micro-SD on my laptop and I got an alert from my antivirus, file was: "ingenic file stor gadget 0316 ". Thank you in advance, any help or advice would be appreciated UPDATE: Did a scan with Malwarebytes and found and moved 1 file to quarantine: Generic.Malware/Suspicious, C:\USERS\DOCUMENTS\DOWNLOADS\PDFCREATOR-1_7_0_SETUP.EXE, In quarantena, [0], [392686],1.0.7013 Now I restarted the laptop and if I go in C: Windows/System32 I can see the same suspicious files with new time update....As you can see in this new screenshot: https://i.imgur.com/9HdgEos.png top 3 files time has changed