Correcting multiple chrome.exe *32 processes as a malware infection

Antonellospider

Antonellospider

New Member
Thread author
Feb 12, 2015
1
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Antonello (administrator) on ANTONELLO-PC on 12-02-2015 13:44:37
Running from C:\Users\Antonello\Desktop\library\Downloads
Loaded Profiles: Antonello (Available profiles: Antonello)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-06-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Run: [Spotify Web Helper] => C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd)
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInstrumentation] 0
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2167514562-3690024742-634606070-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {1CC12F2C-436C-4BC5-88DB-385BE4906D0B} URL = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {3BBFF31B-6A5B-47F0-9820-87263DEDD086} URL = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler: livecall - No CLSID Value
Handler: msnim - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - No CLSID Value
Handler: wlpg - No CLSID Value
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{19F641DD-C856-4B74-8C98-FF9D358E230E}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\searchplugins\search_the_web.xml
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\adsremoval@adsremoval.net [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\adremoveext@adremoveext.net [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> google ncr_
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (AdBlock Premium) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-09-07]
CHR Extension: (Sniper Team 2) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndnehecocipmfgieoedaiojcekhlcfm [2014-10-19]
CHR Extension: (Google Wallet) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IMFservice; No ImagePath
S3 KMService; No ImagePath
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-08-05] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-05-08] ()
S4 FileMonitor; No ImagePath
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-11-21] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-05-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RegFilter; No ImagePath
R3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 UrlFilter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 13:44 - 2015-02-12 13:44 - 00000000 ____D () C:\FRST
2015-02-12 13:00 - 2015-02-12 13:00 - 00162552 _____ () C:\Users\Antonello\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-12 10:21 - 2015-02-12 10:30 - 05279504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 10:21 - 2015-02-12 10:21 - 00000056 _____ () C:\Windows\setupact.log
2015-02-12 10:21 - 2015-02-12 10:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 14:27 - 2015-02-11 15:16 - 00000000 ____D () C:\AITEMP
2015-02-11 11:44 - 2015-02-11 11:46 - 00000000 ____D () C:\Windows\rescache
2015-02-11 09:56 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:56 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:56 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:56 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:56 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:55 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:55 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:55 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:55 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:55 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:55 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:55 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:55 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:55 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:55 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:55 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:55 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:55 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:55 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:55 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:55 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:55 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:55 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:55 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:55 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:55 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:55 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:55 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:55 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 09:55 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 09:55 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 09:55 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 09:55 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:55 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:55 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:55 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:27 - 2015-02-12 13:38 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 16:27 - 2015-02-10 16:27 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 17:20 - 2015-02-07 17:20 - 00000000 ____D () C:\pepperflash
2015-02-05 09:06 - 2015-02-11 19:07 - 00000000 ____D () C:\Users\Antonello\Desktop\LineaSud
2015-01-27 18:08 - 2015-01-27 18:18 - 06000640 _____ () C:\Program Files (x86)\GUTA718.tmp
2015-01-27 18:08 - 2015-01-27 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-27 16:21 - 2015-01-27 18:03 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Antonello
2015-01-25 14:52 - 2014-11-21 23:00 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-22 15:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 15:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 15:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 15:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 15:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 15:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:36 - 2014-12-06 13:05 - 01742362 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 10:25 - 2014-12-01 22:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-12 10:23 - 2014-06-19 19:10 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 10:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 10:29 - 2014-12-12 15:37 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 10:29 - 2014-04-23 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 10:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 10:13 - 2013-06-26 16:57 - 01635138 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-11 10:13 - 2009-08-17 14:29 - 00741402 _____ () C:\Windows\system32\perfh010.dat
2015-02-11 10:13 - 2009-08-17 14:29 - 00147456 _____ () C:\Windows\system32\perfc010.dat
2015-02-11 10:12 - 2009-07-14 06:13 - 01635138 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 10:09 - 2013-08-09 18:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:01 - 2012-04-26 14:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 17:57 - 2015-01-10 16:08 - 00000000 ____D () C:\Users\Antonello\Desktop\tag febbraio
2015-02-10 16:27 - 2014-03-28 23:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 15:49 - 2011-12-09 14:48 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\vlc
2015-02-09 15:56 - 2012-04-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trivial Pursuit Edizione Genus Deluxe
2015-02-09 15:56 - 2011-12-14 15:01 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\uTorrent
2015-02-08 14:40 - 2011-12-09 14:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-08 12:54 - 2013-02-02 17:32 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-08 11:59 - 2013-11-13 12:20 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Spotify
2015-02-08 11:54 - 2013-11-13 12:21 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Spotify
2015-02-08 09:21 - 2014-11-05 14:10 - 00000000 ____D () C:\Users\Antonello\Desktop\grafiche
2015-02-07 18:38 - 2014-12-30 11:21 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\systweak
2015-02-07 17:50 - 2014-11-26 22:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 17:46 - 2014-03-03 21:04 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Chromium
2015-02-07 17:10 - 2013-07-18 07:20 - 00004578 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 17:10 - 2013-05-07 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 17:10 - 2011-12-10 09:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 13:35 - 2014-11-01 09:11 - 00000000 ____D () C:\Users\Antonello\Documents\SelfMV
2015-02-03 13:16 - 2014-03-10 16:07 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-02 21:14 - 2014-12-11 14:17 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Azureus
2015-01-31 23:02 - 2012-08-20 15:10 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-01-28 10:14 - 2014-12-26 00:30 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Media Player Classic
2015-01-27 17:44 - 2014-08-04 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 17:23 - 2011-12-09 18:31 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Adobe
2015-01-25 21:19 - 2014-09-06 15:18 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-25 21:18 - 2011-12-09 14:28 - 00000000 ____D () C:\Program Files\Java
2015-01-25 21:17 - 2014-08-04 11:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 21:17 - 2012-02-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 09:16 - 2014-11-26 22:09 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== Files in the root of some directories =======

2015-01-27 18:08 - 2015-01-27 18:18 - 6000640 _____ () C:\Program Files (x86)\GUTA718.tmp
2011-12-14 12:32 - 2011-12-14 12:32 - 0007859 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.cat
2011-12-14 12:32 - 2011-12-14 12:32 - 0001167 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.inf
2011-12-14 12:32 - 2011-12-14 12:32 - 0082816 _____ (VSO Software) C:\Users\Antonello\AppData\Roaming\pcouffin.sys
2014-11-12 12:58 - 2014-11-12 12:58 - 0000132 _____ () C:\Users\Antonello\AppData\Roaming\Preferenze filtro Adobe Esporta tracciati CC
2014-10-26 11:50 - 2014-10-27 17:05 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bak
2014-10-26 11:51 - 2014-10-26 21:20 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bk!
2014-10-26 15:52 - 2014-10-26 17:52 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bko
2014-10-25 13:51 - 2014-10-27 17:22 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.ini
2014-03-08 14:27 - 2014-03-08 14:27 - 0001456 _____ () C:\Users\Antonello\AppData\Local\Adobe Salva per Web e dispositivi 13.0 Prefs
2014-12-12 21:13 - 2014-12-12 21:13 - 0004608 _____ () C:\Users\Antonello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-11 08:20 - 2014-12-22 20:54 - 0007667 _____ () C:\Users\Antonello\AppData\Local\resmon.resmoncfg
2014-11-25 21:12 - 2014-11-25 21:12 - 0214238 _____ () C:\ProgramData\1416946073.bdinstall.bin
2014-11-26 21:16 - 2014-11-26 21:16 - 0037842 _____ () C:\ProgramData\1417032964.bdinstall.bin
2014-11-26 21:17 - 2014-11-26 21:17 - 0097104 _____ () C:\ProgramData\1417032970.bdinstall.bin
2013-11-11 20:33 - 2013-11-11 20:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 14:39

==================== End Of Log ============================
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
1,998
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,866
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,854
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top