Correcting multiple chrome.exe *32 processes as a malware infection
<blockquote data-quote="Antonellospider" data-source="post: 348319" data-attributes="member: 34113"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02</p><p>Ran by Antonello (administrator) on ANTONELLO-PC on 12-02-2015 13:44:37</p><p>Running from C:\Users\Antonello\Desktop\library\Downloads</p><p>Loaded Profiles: Antonello (Available profiles: Antonello)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)</p><p>Internet Explorer Version 8 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe</p><p>(Spotify Ltd) C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe</p><p>(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-06-30] (Realtek Semiconductor)</p><p>HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Run: [Spotify Web Helper] => C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd)</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoResolveSearch] 1</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInternetOpenWith] 1</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInstrumentation] 0</p><p>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)</p><p>ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File</p><p>ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File</p><p>ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread 
Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File</p><p>ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File</p><p>ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>ProxyServer: [S-1-5-21-2167514562-3690024742-634606070-1000] => localhost:8080</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.google.com/?trackid=sp-006" target="_blank">https://www.google.com/?trackid=sp-006</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="https://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">https://www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = </p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" 
target="_blank">www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = </p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = </p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="https://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">https://www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.google.com/?trackid=sp-006" target="_blank">https://www.google.com/?trackid=sp-006</a></p><p>HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="https://www.google.com/?trackid=sp-006" target="_blank">https://www.google.com/?trackid=sp-006</a></p><p>SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = <a href="https://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">https://www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {1CC12F2C-436C-4BC5-88DB-385BE4906D0B} URL = <a href="http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}" target="_blank">http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {3BBFF31B-6A5B-47F0-9820-87263DEDD086} URL = <a 
href="http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}" target="_blank">http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = <a href="https://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">https://www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File</p><p>Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)</p><p>Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)</p><p>Handler: livecall - No CLSID Value</p><p>Handler: msnim - No CLSID Value</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler: wlmailhtml - No CLSID Value</p><p>Handler: wlpg - No CLSID Value</p><p>ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]</p><p>Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"</p><p>Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"</p><p>Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1</p><p>Tcpip\..\Interfaces\{19F641DD-C856-4B74-8C98-FF9D358E230E}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google 
Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\searchplugins\search_the_web.xml</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:web2pdfextension@web2pdf.adobedotcom">web2pdfextension@web2pdf.adobedotcom</a>] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn</p><p>FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-01]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:wrc@avast.com">wrc@avast.com</a>] - C:\Program Files\AVAST Software\Avast\WebRep\FF</p><p>FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]</p><p>FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a href="mailto:adsremoval@adsremoval.net">adsremoval@adsremoval.net</a> [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a href="mailto:5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com">5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com</a> [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a 
href="mailto:ascsurfingprotection@iobit.com">ascsurfingprotection@iobit.com</a> [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a href="mailto:a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com">a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com</a> [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a href="mailto:iobitascsurfingprotection@iobit.com">iobitascsurfingprotection@iobit.com</a> [Not Found]</p><p>FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\<a href="mailto:adremoveext@adremoveext.net">adremoveext@adremoveext.net</a> [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com/ncr" target="_blank">www.google.com/ncr</a></p><p>CHR StartupUrls: Default -> "<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p>CHR DefaultSearchKeyword: Default -> google ncr_</p><p>CHR DefaultSuggestURL: Default -> </p><p>CHR Profile: C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]</p><p>CHR Extension: (AdBlock Premium) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-09-07]</p><p>CHR Extension: (Sniper Team 2) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndnehecocipmfgieoedaiojcekhlcfm [2014-10-19]</p><p>CHR Extension: (Google Wallet) - C:\Users\Antonello\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-04]</p><p>CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]</p><p>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]</p><p>CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - No Path</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)</p><p>R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>S2 IMFservice; No ImagePath</p><p>S3 KMService; No ImagePath</p><p>S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]</p><p>S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)</p><p>S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-08-05] (Advanced Micro Devices, Inc.)</p><p>U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()</p><p>R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()</p><p>R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)</p><p>R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)</p><p>R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()</p><p>R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)</p><p>R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)</p><p>R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)</p><p>R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()</p><p>R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-05-08] ()</p><p>S4 FileMonitor; No ImagePath</p><p>R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX(tm))</p><p>R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-11-21] (Qualcomm Atheros Co., Ltd.)</p><p>R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-05-08] ()</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)</p><p>R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys 
[134944 2013-09-27] (Microsoft Corporation)</p><p>S3 RegFilter; No ImagePath</p><p>R3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()</p><p>R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)</p><p>S3 UrlFilter; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-12 13:44 - 2015-02-12 13:44 - 00000000 ____D () C:\FRST</p><p>2015-02-12 13:00 - 2015-02-12 13:00 - 00162552 _____ () C:\Users\Antonello\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2015-02-12 10:21 - 2015-02-12 10:30 - 05279504 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2015-02-12 10:21 - 2015-02-12 10:21 - 00000056 _____ () C:\Windows\setupact.log</p><p>2015-02-12 10:21 - 2015-02-12 10:21 - 00000000 _____ () C:\Windows\setuperr.log</p><p>2015-02-11 14:27 - 2015-02-11 15:16 - 00000000 ____D () C:\AITEMP</p><p>2015-02-11 11:44 - 2015-02-11 11:46 - 00000000 ____D () C:\Windows\rescache</p><p>2015-02-11 09:56 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2015-02-11 09:56 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2015-02-11 09:56 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2015-02-11 09:56 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2015-02-11 09:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2015-02-11 09:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2015-02-11 09:56 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll</p><p>2015-02-11 09:55 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2015-02-11 09:55 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe</p><p>2015-02-11 09:55 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2015-02-11 09:55 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys</p><p>2015-02-11 09:55 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe</p><p>2015-02-11 09:55 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) 
C:\Windows\system32\auditpol.exe</p><p>2015-02-11 09:55 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll</p><p>2015-02-11 09:55 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2015-02-11 09:55 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe</p><p>2015-02-11 09:55 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2015-02-11 09:55 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2015-02-11 09:55 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll</p><p>2015-02-11 09:55 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll</p><p>2015-02-11 09:55 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll</p><p>2015-02-11 09:55 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys</p><p>2015-02-11 09:55 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2015-02-11 09:55 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll</p><p>2015-02-11 09:55 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll</p><p>2015-02-11 09:55 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll</p><p>2015-02-11 09:55 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll</p><p>2015-02-11 09:55 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll</p><p>2015-02-11 09:55 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) 
C:\Windows\system32\crypt32.dll</p><p>2015-02-11 09:55 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</p><p>2015-02-11 09:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll</p><p>2015-02-11 09:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll</p><p>2015-02-11 09:55 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll</p><p>2015-02-11 09:55 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll</p><p>2015-02-11 09:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2015-02-10 16:27 - 2015-02-12 13:38 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-02-10 16:27 - 2015-02-10 16:27 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2015-02-07 17:20 - 2015-02-07 17:20 - 00000000 ____D () C:\pepperflash</p><p>2015-02-05 09:06 - 2015-02-11 19:07 - 00000000 ____D () C:\Users\Antonello\Desktop\LineaSud</p><p>2015-01-27 18:08 - 2015-01-27 18:18 - 06000640 _____ () C:\Program Files (x86)\GUTA718.tmp</p><p>2015-01-27 18:08 - 2015-01-27 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2015-01-27 16:21 - 2015-01-27 18:03 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Antonello</p><p>2015-01-25 14:52 - 2014-11-21 23:00 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe</p><p>2015-01-22 15:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll</p><p>2015-01-22 15:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys</p><p>2015-01-22 15:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe</p><p>2015-01-22 15:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft 
Corporation) C:\Windows\system32\nlasvc.dll</p><p>2015-01-22 15:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll</p><p>2015-01-22 15:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-12 10:36 - 2014-12-06 13:05 - 01742362 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-02-12 10:25 - 2014-12-01 22:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update</p><p>2015-02-12 10:23 - 2014-06-19 19:10 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-02-12 10:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-02-11 10:29 - 2014-12-12 15:37 - 00000000 ____D () C:\Windows\system32\appraiser</p><p>2015-02-11 10:29 - 2014-04-23 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2015-02-11 10:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing</p><p>2015-02-11 10:13 - 2013-06-26 16:57 - 01635138 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2015-02-11 10:13 - 2009-08-17 14:29 - 00741402 _____ () C:\Windows\system32\perfh010.dat</p><p>2015-02-11 10:13 - 2009-08-17 14:29 - 00147456 _____ () C:\Windows\system32\perfc010.dat</p><p>2015-02-11 10:12 - 2009-07-14 06:13 - 01635138 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-02-11 10:09 - 2013-08-09 18:23 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2015-02-11 10:01 - 2012-04-26 14:27 - 116773704 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe</p><p>2015-02-10 17:57 - 2015-01-10 16:08 - 00000000 ____D () C:\Users\Antonello\Desktop\tag febbraio</p><p>2015-02-10 16:27 - 2014-03-28 23:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2015-02-10 15:49 - 2011-12-09 14:48 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\vlc</p><p>2015-02-09 15:56 - 2012-04-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trivial Pursuit Edizione Genus Deluxe</p><p>2015-02-09 15:56 - 2011-12-14 15:01 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\uTorrent</p><p>2015-02-08 14:40 - 2011-12-09 14:50 - 00000000 ____D () C:\Program Files (x86)\Adobe</p><p>2015-02-08 12:54 - 2013-02-02 17:32 - 00000000 ____D () C:\Program Files (x86)\IObit</p><p>2015-02-08 11:59 - 2013-11-13 12:20 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Spotify</p><p>2015-02-08 11:54 - 2013-11-13 12:21 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Spotify</p><p>2015-02-08 09:21 - 2014-11-05 14:10 - 00000000 ____D () C:\Users\Antonello\Desktop\grafiche</p><p>2015-02-07 18:38 - 2014-12-30 11:21 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\systweak</p><p>2015-02-07 17:50 - 2014-11-26 22:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-02-07 17:46 - 2014-03-03 21:04 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Chromium</p><p>2015-02-07 17:10 - 2013-07-18 07:20 - 00004578 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-02-07 17:10 - 2013-05-07 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-02-07 17:10 - 2011-12-10 09:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-02-03 13:35 - 2014-11-01 09:11 - 00000000 ____D () C:\Users\Antonello\Documents\SelfMV</p><p>2015-02-03 13:16 - 2014-03-10 16:07 - 00000000 ____D () 
C:\ProgramData\Samsung</p><p>2015-02-02 21:14 - 2014-12-11 14:17 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Azureus</p><p>2015-01-31 23:02 - 2012-08-20 15:10 - 00000000 ____D () C:\Program Files (x86)\CCleaner</p><p>2015-01-28 10:14 - 2014-12-26 00:30 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Media Player Classic</p><p>2015-01-27 17:44 - 2014-08-04 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java</p><p>2015-01-27 17:23 - 2011-12-09 18:31 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Adobe</p><p>2015-01-25 21:19 - 2014-09-06 15:18 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll</p><p>2015-01-25 21:18 - 2011-12-09 14:28 - 00000000 ____D () C:\Program Files\Java</p><p>2015-01-25 21:17 - 2014-08-04 11:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</p><p>2015-01-25 21:17 - 2012-02-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java</p><p>2015-01-21 09:16 - 2014-11-26 22:09 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-01-27 18:08 - 2015-01-27 18:18 - 6000640 _____ () C:\Program Files (x86)\GUTA718.tmp</p><p>2011-12-14 12:32 - 2011-12-14 12:32 - 0007859 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.cat</p><p>2011-12-14 12:32 - 2011-12-14 12:32 - 0001167 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.inf</p><p>2011-12-14 12:32 - 2011-12-14 12:32 - 0082816 _____ (VSO Software) C:\Users\Antonello\AppData\Roaming\pcouffin.sys</p><p>2014-11-12 12:58 - 2014-11-12 12:58 - 0000132 _____ () C:\Users\Antonello\AppData\Roaming\Preferenze filtro Adobe Esporta tracciati CC</p><p>2014-10-26 11:50 - 2014-10-27 17:05 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bak</p><p>2014-10-26 11:51 - 2014-10-26 21:20 - 0007988 _____ () 
C:\Users\Antonello\AppData\Roaming\PStrip.bk!</p><p>2014-10-26 15:52 - 2014-10-26 17:52 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bko</p><p>2014-10-25 13:51 - 2014-10-27 17:22 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.ini</p><p>2014-03-08 14:27 - 2014-03-08 14:27 - 0001456 _____ () C:\Users\Antonello\AppData\Local\Adobe Salva per Web e dispositivi 13.0 Prefs</p><p>2014-12-12 21:13 - 2014-12-12 21:13 - 0004608 _____ () C:\Users\Antonello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2012-04-11 08:20 - 2014-12-22 20:54 - 0007667 _____ () C:\Users\Antonello\AppData\Local\resmon.resmoncfg</p><p>2014-11-25 21:12 - 2014-11-25 21:12 - 0214238 _____ () C:\ProgramData\1416946073.bdinstall.bin</p><p>2014-11-26 21:16 - 2014-11-26 21:16 - 0037842 _____ () C:\ProgramData\1417032964.bdinstall.bin</p><p>2014-11-26 21:17 - 2014-11-26 21:17 - 0097104 _____ () C:\ProgramData\1417032970.bdinstall.bin</p><p>2013-11-11 20:33 - 2013-11-11 20:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally 
signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-02-03 14:39</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Antonellospider, post: 348319, member: 34113"] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02 Ran by Antonello (administrator) on ANTONELLO-PC on 12-02-2015 13:44:37 Running from C:\Users\Antonello\Desktop\library\Downloads Loaded Profiles: Antonello (Available profiles: Antonello) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Spotify Ltd) C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-06-30] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Run: [Spotify Web Helper] => C:\Users\Antonello\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd) HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-2167514562-3690024742-634606070-1000\...\Policies\Explorer: [NoInstrumentation] 0 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy 
restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2167514562-3690024742-634606070-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [S-1-5-21-2167514562-3690024742-634606070-1000] => localhost:8080 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [URL]https://www.google.com/?trackid=sp-006[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [URL]https://www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]https://www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]https://www.google.com/?trackid=sp-006[/URL] HKU\S-1-5-21-2167514562-3690024742-634606070-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = 
[URL]https://www.google.com/?trackid=sp-006[/URL] SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [URL]https://www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {1CC12F2C-436C-4BC5-88DB-385BE4906D0B} URL = [URL]http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {3BBFF31B-6A5B-47F0-9820-87263DEDD086} URL = [URL]http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [URL]https://www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2167514562-3690024742-634606070-1000 -> No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler: livecall - No CLSID Value Handler: msnim - No CLSID Value Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: wlmailhtml - No CLSID Value Handler: wlpg - No 
CLSID Value ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{19F641DD-C856-4B74-8C98-FF9D358E230E}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\searchplugins\search_the_web.xml FF HKLM-x32\...\Firefox\Extensions: [[email]web2pdfextension@web2pdf.adobedotcom[/email]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-01] FF HKLM-x32\...\Firefox\Extensions: [[email]wrc@avast.com[/email]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01] FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]adsremoval@adsremoval.net[/email] [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com[/email] [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]ascsurfingprotection@iobit.com[/email] [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com[/email] [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]iobitascsurfingprotection@iobit.com[/email] [Not Found] FF Extension: No Name - C:\Users\Antonello\AppData\Roaming\Mozilla\Firefox\Profiles\c07x2t2y.default\extensions\[email]adremoveext@adremoveext.net[/email] [Not Found] FF 
Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://[URL="http://www.google.com/ncr"]www.google.com/ncr[/URL] CHR StartupUrls: Default -> "[URL]https://www.google.com/[/URL]" CHR DefaultSearchKeyword: Default -> google ncr_ CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01] CHR Extension: (AdBlock Premium) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-09-07] CHR Extension: (Sniper Team 2) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndnehecocipmfgieoedaiojcekhlcfm [2014-10-19] CHR Extension: (Google Wallet) - C:\Users\Antonello\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-04] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01] CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 IMFservice; No ImagePath S3 KMService; No ImagePath S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X] S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-08-05] (Advanced Micro Devices, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-05-08] () S4 FileMonitor; No ImagePath R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX(tm)) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-11-21] (Qualcomm Atheros Co., Ltd.) 
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-05-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 RegFilter; No ImagePath R3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] () R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) S3 UrlFilter; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-12 13:44 - 2015-02-12 13:44 - 00000000 ____D () C:\FRST 2015-02-12 13:00 - 2015-02-12 13:00 - 00162552 _____ () C:\Users\Antonello\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-12 10:21 - 2015-02-12 10:30 - 05279504 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 10:21 - 2015-02-12 10:21 - 00000056 _____ () C:\Windows\setupact.log 2015-02-12 10:21 - 2015-02-12 10:21 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-11 14:27 - 2015-02-11 15:16 - 00000000 ____D () C:\AITEMP 2015-02-11 11:44 - 2015-02-11 11:46 - 00000000 ____D () C:\Windows\rescache 2015-02-11 09:56 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 09:56 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 09:56 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 09:56 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 09:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 09:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 09:56 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 09:55 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 
09:55 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 09:55 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 09:55 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 09:55 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 09:55 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 09:55 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 09:55 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 09:55 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 09:55 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 09:55 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 09:55 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 09:55 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 09:55 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 09:55 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 09:55 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 09:55 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 09:55 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 09:55 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 09:55 - 2015-01-15 
08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 09:55 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 09:55 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 09:55 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 09:55 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-11 09:55 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-11 09:55 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-11 09:55 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-11 09:55 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 09:55 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 09:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 09:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 09:55 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 09:55 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 09:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-10 16:27 - 2015-02-12 13:38 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-10 16:27 - 2015-02-10 16:27 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-07 17:20 - 2015-02-07 17:20 - 00000000 ____D () C:\pepperflash 2015-02-05 09:06 - 2015-02-11 19:07 - 00000000 ____D () C:\Users\Antonello\Desktop\LineaSud 
2015-01-27 18:08 - 2015-01-27 18:18 - 06000640 _____ () C:\Program Files (x86)\GUTA718.tmp 2015-01-27 18:08 - 2015-01-27 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-27 16:21 - 2015-01-27 18:03 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Antonello 2015-01-25 14:52 - 2014-11-21 23:00 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-22 15:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-22 15:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-22 15:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-22 15:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-22 15:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-22 15:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-12 11:00 - 2009-07-14 05:45 - 00025264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-12 10:36 - 2014-12-06 13:05 - 01742362 _____ () C:\Windows\WindowsUpdate.log 2015-02-12 10:25 - 2014-12-01 22:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-02-12 10:23 - 2014-06-19 19:10 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-12 10:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 10:29 - 2014-12-12 15:37 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-11 10:29 - 2014-04-23 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-11 10:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-11 10:13 - 2013-06-26 16:57 - 01635138 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-11 10:13 - 2009-08-17 14:29 - 00741402 _____ () C:\Windows\system32\perfh010.dat 2015-02-11 10:13 - 2009-08-17 14:29 - 00147456 _____ () C:\Windows\system32\perfc010.dat 2015-02-11 10:12 - 2009-07-14 06:13 - 01635138 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-11 10:09 - 2013-08-09 18:23 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 10:01 - 2012-04-26 14:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-10 17:57 - 2015-01-10 16:08 - 00000000 ____D () C:\Users\Antonello\Desktop\tag febbraio 2015-02-10 16:27 - 2014-03-28 23:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 15:49 - 2011-12-09 14:48 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\vlc 2015-02-09 15:56 - 2012-04-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trivial Pursuit Edizione Genus Deluxe 2015-02-09 15:56 - 2011-12-14 15:01 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\uTorrent 2015-02-08 14:40 - 2011-12-09 14:50 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-08 12:54 - 2013-02-02 17:32 - 00000000 ____D () C:\Program Files (x86)\IObit 2015-02-08 11:59 - 2013-11-13 12:20 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Spotify 2015-02-08 11:54 - 2013-11-13 12:21 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Spotify 2015-02-08 09:21 - 2014-11-05 14:10 - 00000000 ____D () 
C:\Users\Antonello\Desktop\grafiche 2015-02-07 18:38 - 2014-12-30 11:21 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\systweak 2015-02-07 17:50 - 2014-11-26 22:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 17:46 - 2014-03-03 21:04 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Chromium 2015-02-07 17:10 - 2013-07-18 07:20 - 00004578 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-07 17:10 - 2013-05-07 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 17:10 - 2011-12-10 09:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 13:35 - 2014-11-01 09:11 - 00000000 ____D () C:\Users\Antonello\Documents\SelfMV 2015-02-03 13:16 - 2014-03-10 16:07 - 00000000 ____D () C:\ProgramData\Samsung 2015-02-02 21:14 - 2014-12-11 14:17 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Azureus 2015-01-31 23:02 - 2012-08-20 15:10 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2015-01-28 10:14 - 2014-12-26 00:30 - 00000000 ____D () C:\Users\Antonello\AppData\Roaming\Media Player Classic 2015-01-27 17:44 - 2014-08-04 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-27 17:23 - 2011-12-09 18:31 - 00000000 ____D () C:\Users\Antonello\AppData\Local\Adobe 2015-01-25 21:19 - 2014-09-06 15:18 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-25 21:18 - 2011-12-09 14:28 - 00000000 ____D () C:\Program Files\Java 2015-01-25 21:17 - 2014-08-04 11:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-25 21:17 - 2012-02-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-21 09:16 - 2014-11-26 22:09 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys ==================== Files in the root of some directories ======= 
2015-01-27 18:08 - 2015-01-27 18:18 - 6000640 _____ () C:\Program Files (x86)\GUTA718.tmp
2011-12-14 12:32 - 2011-12-14 12:32 - 0007859 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.cat
2011-12-14 12:32 - 2011-12-14 12:32 - 0001167 _____ () C:\Users\Antonello\AppData\Roaming\pcouffin.inf
2011-12-14 12:32 - 2011-12-14 12:32 - 0082816 _____ (VSO Software) C:\Users\Antonello\AppData\Roaming\pcouffin.sys
2014-11-12 12:58 - 2014-11-12 12:58 - 0000132 _____ () C:\Users\Antonello\AppData\Roaming\Preferenze filtro Adobe Esporta tracciati CC
2014-10-26 11:50 - 2014-10-27 17:05 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bak
2014-10-26 11:51 - 2014-10-26 21:20 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bk!
2014-10-26 15:52 - 2014-10-26 17:52 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.bko
2014-10-25 13:51 - 2014-10-27 17:22 - 0007988 _____ () C:\Users\Antonello\AppData\Roaming\PStrip.ini
2014-03-08 14:27 - 2014-03-08 14:27 - 0001456 _____ () C:\Users\Antonello\AppData\Local\Adobe Salva per Web e dispositivi 13.0 Prefs
2014-12-12 21:13 - 2014-12-12 21:13 - 0004608 _____ () C:\Users\Antonello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-11 08:20 - 2014-12-22 20:54 - 0007667 _____ () C:\Users\Antonello\AppData\Local\resmon.resmoncfg
2014-11-25 21:12 - 2014-11-25 21:12 - 0214238 _____ () C:\ProgramData\1416946073.bdinstall.bin
2014-11-26 21:16 - 2014-11-26 21:16 - 0037842 _____ () C:\ProgramData\1417032964.bdinstall.bin
2014-11-26 21:17 - 2014-11-26 21:17 - 0097104 _____ () C:\ProgramData\1417032970.bdinstall.bin
2013-11-11 20:33 - 2013-11-11 20:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 14:39

==================== End Of Log ============================
[/QUOTE]