marcorinaldi

Members
Posts: 4
Reputation: 0 Neutral

  1. Hey nasdaq, unfortunately the trojan popped up again! I followed your second tip with the Chrome accounts, but unfortunately it is in the system; Malwarebytes is not able to intercept it, only Defender does, therefore probably the infection is not cleaned by the removal tool provided by Defender, and Malwarebytes is not intercepting it. Any help please? I read it's quite dangerous. Many thanks for your help. Ciao.
  2. Hey Nasdaq, I ran the fix, and this is the txt report. It looks like it did its job; now I'll run a scan both with Defender and Malwarebytes, and keep you posted if the Trojan pops up again. Many thanks for your support, awesome, not easy to find this level of help! Really appreciated. Fixlog.txt
  3. Hey nasdaq, here attached are the results, and yes, I'm using Chrome on an iPhone and on a Mac too, synced. Defender is saying the infection is located at AppData\Local\Microsoft\Windows\INetCache\IE but there are no files there. Here is the FRST.txt:

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.3.532\AsusWSWinService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(ASUSTeK Computer Inc. -> ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc. -> Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(FabulaTech -> FabulaTech) C:\Windows\System32\ftvspksrv.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\DAX\DAX.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\SmartSDR CAT\Cat.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\SmartSDR.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\JTAlert.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\plugins\JTAlertV2.Decodes.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\plugins\JTAlertV2.Manager.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\ScanToPCActivationApp.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HamRadioDeluxe.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDLogbook.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDRotator.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1254400 2015-12-18] (r2 Studios) [File not signed]
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] () [File not signed]
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\...\Run: [HP OfficeJet Pro 6960 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\ScanToPCActivationApp.exe [3769992 2017-07-04] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-12-09] (Apple Inc. -> Apple Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
Startup: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Term_2k_USB.exe [2014-09-13] () [File not signed]
Startup: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Term_2k_USB.lnk [2017-12-10]
ShortcutTarget: Term_2k_USB.lnk -> C:\Users\marco\Desktop\sw\sw ham\Term_2k_USB.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000F4EBB-4423-4728-B26D-F44B4FA8E230} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0445BE25-4AD0-47ED-A989-F21E10FED06C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {04B242A4-F16B-4A39-B20E-D203E3581180} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [296216 2013-08-05] (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {073BCDCC-FFB4-4A7E-A1D5-3E1F62572FC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0C1293AE-3445-4A17-845D-024AF68FB587} - \WPD\SqmUpload_S-1-5-21-3143613807-2781972967-2259573072-1001 -> No File <==== ATTENTION
Task: {0F67C0AD-2D0D-47CF-9D8A-242CEC4E6FBC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {142B2291-47B6-469D-A0D0-CD771A2E36A4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1445DC2A-E17B-4A45-A234-DEC89E924BF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {15D2251E-C459-4482-8C26-6F5CB8860B7C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {235DA2E0-4E2F-4E4A-960E-0DD02B753D57} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2458CA08-1AA6-4464-98CA-545AAB0EA619} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [196096 2013-11-12] (ASUSTeK) [File not signed]
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35C25556-44A2-402D-ABBE-6509C20AC626} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {40F78997-0C7A-4909-BF04-B1FEA04CC5DD} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [21784 2013-08-24] (ASUSTeK Computer Inc. -> )
Task: {4737662E-F78D-4761-B345-6CB4421E5612} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {4D92DE9A-48A5-4566-BB62-E5E849A8BC7A} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [548512 2013-04-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4E56A226-CC00-480D-9A7E-B5C1DF3DB4E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5A45FF81-C003-4E7C-9E47-44A59B4E3AF5} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [929424 2014-01-17] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {5AF4B432-AAE2-4FB4-9DA6-1732B14CEB14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CAF9EE7-541F-4D0B-9D4A-4F76A0302BB5} - System32\Tasks\{15A077B3-86A0-4146-85F0-C391AA08AAF2} => C:\Windows\system32\pcalua.exe -a C:\Users\marco\AppData\Local\Temp\Temp1_0001-Install_Win8_8.1_Win7_Vista_6112_03122014.zip\Install_Win8_8.1_Win7_Vista_6112_03122014\setup.exe <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EE725FE-A710-44CC-A571-588677D259DF} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1568056 2014-01-23] (ASUSTeK Computer Inc. -> Microsoft)
Task: {6F1AEC3A-5C5A-4FFF-8D6E-ADEB2856B81D} - System32\Tasks\slice master => C:\Users\marco\Desktop\slice-master.exe
Task: {80F6DC55-281B-404F-9904-AA8BC380DD66} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82E743DA-55E8-43E6-A8C6-DE8D208249E4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {83AD7074-EA4B-40C1-97CE-04112BD09867} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8478E589-CA4F-449D-9A90-A96DC7AD4055} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 6960 => C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\HPCustPartic.exe [6438536 2017-07-04] (Hewlett Packard -> HP Inc.)
Task: {84DC7A52-C8E7-4B18-A351-8A0B95CA1052} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {855A8C90-14D3-47E1-8FE0-FA6BCF4333B3} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
Task: {860EB8B2-0882-4C8E-9443-A54AEE5E6F0A} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [919696 2013-11-28] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8747CF68-DC18-4226-9295-F18C15E5FAFD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A2593569-6F7C-467A-B2A3-F08775459872} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {A5439EC2-2A32-429E-BEA7-F4D9F9136166} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [930104 2013-11-29] (ASUSTeK Computer Inc. -> )
Task: {B5341B54-EA37-4286-97DA-443A91339EB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB0FEEE0-6515-4BCA-B92E-2C36F8B4E3E6} - System32\Tasks\lancia wires x => C:\Program Files (x86)\YAESUMUSEN\WIRES-X\Wires-X.exe
Task: {BD425382-DFC5-4CA7-AB12-03C1FFC7FBF1} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [225080 2013-11-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {C8A1D4D4-FAA7-4F62-9E7A-C69EFD60D31F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA7A8031-BAB3-4C99-A238-4B1BB11DCEB7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CC74B047-C3FC-45EE-AC0A-BAB131FD71AC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D11F2DC8-7D8B-4D84-9B2E-EC3213C764A9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7E5A97D-2B4D-4A6E-AD33-CFBB21EAD09D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {DB6D0FD1-9B38-42AB-83FE-9C65A8A87258} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {F023B576-D07C-48DE-AC21-9355AA75BF47} - System32\Tasks\riavvia pc => shutdown [Argument = -r -t 0]
Task: {FA8BAD70-3247-4C1C-A950-B4C4A6B19642} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe)
Task: {FD19B95F-D4AB-4F16-8897-D9C90B17C1F2} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [28623752 2017-11-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{542b94ec-b405-48df-9533-d16ab22f0d3d}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b25b3583-bee4-46a0-a26d-2116864e1da1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b265b70a-18a7-4b03-824a-e36a8406e495}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3143613807-2781972967-2259573072-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\marco\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3143613807-2781972967-2259573072-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\marco\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.it/?gfe_rd=cr&ei=WtAOVuebBKmH8Qe1x5WQDA&gws_rd=ssl","hxxps://translate.google.it/","hxxp://www.qrz.com/","hxxp://www.dx-world.net/","hxxp://iono.jpl.nasa.gov/latest_rti_global.html","hxxp://www.reversebeacon.net/dxsd1/dxsd1.php?f=20","hxxps://www.pskreporter.info/pskmap.html?IK2LFF","hxxp://www.hrdlog.net/Default.aspx","hxxps://secure.clublog.org/index.php","hxxp://dxnews.com/","hxxp://www.arifidenza.it/Forum/","hxxp://www.hamradioweb.org/forums/","hxxp://qz.com/","hxxp://the-digital-reader.com/","hxxp://techcrunch.com/","hxxps://hamspots.net/"
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://mail.google.com; hxxps://mysecurity.eufylife.com; hxxps://ticketing.eolo.it; hxxps://www.autoscout24.it; hxxps://www.facebook.com
CHR Profile: C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default [2020-01-03]
CHR DownloadDir: C:\Users\marco\Desktop
CHR Extension: (Presentazioni) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenti) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Facebook) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-09-13]
CHR Extension: (Google Search) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Fogli) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (qo - Quotidiani Online) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjgihlgkabklkgdfebkjacffgcflmbp [2015-06-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2015-03-04]
CHR Extension: (Documenti Google offline) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-07-01]
CHR Extension: (Kobo Instant Reader) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknhjclcchfapglhbceedkoldnkmmhcc [2014-09-13]
CHR Extension: (Cisco Webex Extension) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-13]
CHR Extension: (Skype) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2020-01-01]
CHR Extension: (Save to Pocket) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-09-25]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Blue Jeans Meeting) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2019-02-07]
CHR Extension: (Gmail) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [278544 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] (ASUSTeK Computer Inc. -> )
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.3.532\AsusWSWinService.exe [75264 2015-08-21] (ASUS Cloud Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ftvspksrv; C:\WINDOWS\system32\ftvspksrv.exe [462152 2017-05-27] (FabulaTech -> FabulaTech)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 HRD RemoteSvr; C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDRemoteSvr.exe [1959672 2018-11-22] (HRD Software, LLC -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR TAIWAN CO., LTD -> NETGEAR)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0306583.inf_amd64_1ead8178e568f9fb\atikmdag.sys [26551312 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0306583.inf_amd64_1ead8178e568f9fb\atikmpag.sys [510992 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 Capsax64Drv0; C:\WINDOWS\System32\Drivers\Capsax64Drv0.sys [35976 2014-08-15] (Colasoft LLC -> Colasoft Co., Ltd.)
R1 CSN5PDTS82x64; C:\WINDOWS\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Chengdu Colasoft Co., Ltd. -> Colasoft Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-21] (Malwarebytes Corporation -> Malwarebytes)
S3 evserial9; C:\WINDOWS\System32\DRIVERS\evserial9.sys [40448 2019-06-10] (Element 5 Limited Liability Company -> ELTIMA Software)
R3 FlexRadioSystemDAXService_Audio; C:\WINDOWS\System32\drivers\audiodax.sys [79192 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_IQ; C:\WINDOWS\System32\drivers\iqdax.sys [79320 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_MICAudio; C:\WINDOWS\System32\drivers\micaudiodax.sys [79192 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_TX; C:\WINDOWS\System32\drivers\txdax.sys [79320 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
R3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] (Future Technology Devices International Ltd -> ) R3 ftvspenum; C:\WINDOWS\System32\drivers\ftvspenum.sys [65904 2017-05-16] (FabulaTech -> FabulaTech) R3 ftvsport; C:\WINDOWS\system32\DRIVERS\ftvsport.sys [78696 2017-05-27] (FabulaTech -> FabulaTech) S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation) R1 inpoutx64; C:\WINDOWS\system32\Drivers\hrdinpoutx64.sys [15008 2017-08-12] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk]) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-21] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-12-23] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-03] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-03] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-12-23] (Malwarebytes Corporation -> Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) S3 NANMp50; C:\WINDOWS\System32\Drivers\NANMp50.sys [46776 2010-03-25] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 NANSp50; C:\WINDOWS\System32\Drivers\NANSp50.sys [45752 2010-03-25] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-07-27] (CACE Technologies, Inc. -> CACE Technologies, Inc.) 
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [758352 2018-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) R3 RTWlanE02; C:\WINDOWS\System32\drivers\rtwlane02.sys [9599440 2018-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) R3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [196864 2016-08-02] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.) R3 silabenm; C:\WINDOWS\system32\DRIVERS\silabenm.sys [23552 2014-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories) R3 silabser; C:\WINDOWS\system32\DRIVERS\silabser.sys [79360 2014-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories) R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2019-05-17] (Vincent Burel -> Windows (R) Win 7 DDK provider) S3 VSBC9; C:\WINDOWS\System32\drivers\evsbc9.sys [127488 2019-06-10] (Element 5 Limited Liability Company -> ELTIMA Software) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation) S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-03 16:54 - 2020-01-03 16:56 - 000039716 _____ C:\Users\marco\Desktop\FRST.txt 2020-01-03 16:53 - 2020-01-03 16:56 - 000000000 ____D C:\FRST 2020-01-03 16:49 - 2020-01-03 16:49 - 002272256 _____ (Farbar) C:\Users\marco\Desktop\FRST64.exe 2020-01-01 17:58 - 2020-01-01 17:58 - 001648545 _____ C:\Users\marco\Desktop\wetransfer-a3496e.zip 2020-01-01 11:31 - 2020-01-01 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware 2020-01-01 11:31 - 2020-01-01 11:31 - 000000000 ____D C:\ProgramData\GridinSoft 2020-01-01 11:28 - 2020-01-01 11:28 - 000989584 _____ (GridinSoft LLC) C:\Users\marco\Desktop\setup-antimalware-993.exe 2019-12-26 11:26 - 2019-12-26 11:26 - 000721408 _____ (hxxp://lame.sf.net) C:\Users\marco\Desktop\libmp3lame.dll 2019-12-23 00:19 - 2020-01-03 16:33 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-12-23 00:19 - 2020-01-03 16:33 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-12-23 00:19 - 2019-12-23 00:19 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-12-23 00:19 - 2019-12-23 00:19 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-12-22 23:33 - 2019-12-22 23:44 - 000001192 _____ C:\Users\marco\.lmmsrc.xml 2019-12-22 23:32 - 2019-12-22 23:32 - 000000000 ____D C:\Users\marco\Documents\lmms 2019-12-22 18:43 - 2019-12-22 18:43 - 004519936 _____ C:\Users\marco\Desktop\2019-12-22_18-36.wav 2019-12-22 17:49 - 2019-12-22 17:49 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-12-22 17:49 - 2019-12-22 17:49 - 000001087 _____ C:\Users\Public\Desktop\Audacity.lnk 2019-12-22 17:49 - 2019-12-22 17:49 - 000001087 _____ C:\ProgramData\Desktop\Audacity.lnk 2019-12-21 19:01 - 2019-12-23 00:06 - 002912256 _____ C:\Users\marco\Desktop\2019-CQWW-SSB-D4C-final.dxn 2019-12-21 11:42 - 2019-12-21 11:42 - 000216544 _____ (Malwarebytes) 
C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-12-14 17:33 - 2019-12-14 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2019-12-10 20:06 - 2019-12-10 20:06 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 003703296 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-12-10 20:06 - 2019-12-10 20:06 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 
2019-12-10 20:06 - 2019-12-10 20:06 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-12-10 20:06 - 2019-12-10 20:06 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-12-10 20:06 - 2019-12-10 20:06 
- 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000513536 
_____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000117248 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Chakradiag.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-12-10 20:06 - 2019-12-10 20:06 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2019-12-10 20:06 - 2019-12-10 20:06 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000010752 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-12-10 20:06 - 2019-12-10 20:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2019-12-10 19:27 - 2019-12-10 19:47 - 005133880 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2019-12-06 21:03 - 2019-12-06 21:03 - 000764625 _____ C:\Users\marco\Desktop\rfax.pdf 2019-12-06 19:04 - 2019-12-06 19:57 - 000000000 ____D C:\Users\marco\fldigi.files 2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\Users\marco\NBEMS.files 2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\Users\marco\AppData\Roaming\fltk.org 2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\ProgramData\fltk.org 2019-12-05 18:58 - 2019-12-05 18:58 - 000164220 _____ C:\Users\marco\Desktop\SSDR_Config_12-05-19_18.58_v3.1.8.145.ssdr_cfg 2019-12-05 18:41 - 2019-12-19 23:41 - 000000236 _____ C:\WINDOWS\QTSXXDRY.INI 2019-12-05 18:41 - 2019-12-05 18:41 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaTTY.lnk 2019-12-05 18:41 - 2019-12-05 18:41 - 000001043 _____ C:\Users\Public\Desktop\SeaTTY.lnk 2019-12-05 18:41 - 2019-12-05 18:41 - 000001043 _____ C:\ProgramData\Desktop\SeaTTY.lnk 2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\ProgramData\SeaTTY 2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaTTY 2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\Program Files (x86)\SeaTTY ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-03 16:42 - 2017-04-26 20:06 - 000000000 ____D C:\ProgramData\boost_interprocess 2020-01-03 16:38 - 2019-09-15 22:04 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B83E4589-F78E-4514-9A17-8F4E6263547A} 2020-01-03 16:34 - 2019-09-15 22:04 - 000003358 _____ C:\WINDOWS\system32\Tasks\WizMouse 2020-01-03 16:34 - 2019-07-01 22:37 - 000001118 _____ C:\Users\marco\Documents\HRD Software 7.0.lw.xml 2020-01-03 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-03 16:33 - 2014-09-13 15:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-03 16:32 - 2019-09-15 22:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-03 16:32 - 2019-09-15 21:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-03 15:58 - 2015-07-26 05:40 - 000000000 ____D C:\Users\marco\AppData\Local\WSJT-X 2020-01-03 11:09 - 2019-09-15 21:38 - 000000000 ____D C:\Users\marco 2020-01-03 11:09 - 2015-05-01 14:50 - 000000000 ____D C:\Users\marco\AppData\Local\Apple Inc 2020-01-03 11:09 - 2015-05-01 14:49 - 000000000 ____D C:\Users\marco\AppData\Local\55B986C4-08FD-4CC5-9984-E5A1149D59CD.aplzod 2020-01-02 04:35 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-02 04:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-12-31 15:07 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-12-31 04:55 - 2014-09-13 14:04 - 000000000 ____D C:\ProgramData\HRDLLC 2019-12-27 21:41 - 2018-09-23 20:58 - 000000000 ____D C:\Users\marco\AppData\Roaming\DXLog.net 2019-12-27 15:19 - 2019-05-17 20:41 - 000004697 _____ C:\Users\marco\AppData\Roaming\VoiceMeeterDefault.xml 2019-12-27 15:09 - 2017-04-26 19:52 - 000041666 _____ C:\Users\marco\AppData\Roaming\net.telestream.wirecast.xml 2019-12-27 13:53 - 2017-04-26 19:52 - 000000000 ____D C:\Users\marco\AppData\Roaming\Wirecast Play 2019-12-27 02:19 - 2018-12-19 10:30 - 000000000 ____D C:\Users\marco\AppData\Roaming\MacroCreator 2019-12-23 
00:17 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-12-23 00:17 - 2017-12-02 11:57 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2019-12-23 00:02 - 2019-06-09 17:56 - 000000000 ____D C:\Users\marco\AppData\Roaming\audacity 2019-12-22 17:49 - 2019-06-09 17:56 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-12-22 11:27 - 2017-12-02 10:03 - 000000000 ____D C:\Users\marco\AppData\Local\Packages 2019-12-22 08:41 - 2015-11-08 00:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-12-22 05:19 - 2017-02-08 18:15 - 000000000 ____D C:\Users\marco\AppData\Local\HamApps 2019-12-22 05:18 - 2019-11-16 22:33 - 000001311 _____ C:\Users\Public\Desktop\JTAlert for WSJT-X.lnk 2019-12-22 05:18 - 2019-11-16 22:33 - 000001311 _____ C:\ProgramData\Desktop\JTAlert for WSJT-X.lnk 2019-12-22 05:18 - 2018-01-01 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamApps JTAlert 2019-12-22 04:42 - 2019-09-15 21:49 - 001758220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-12-22 04:42 - 2019-03-19 13:33 - 000780106 _____ C:\WINDOWS\system32\perfh010.dat 2019-12-22 04:42 - 2019-03-19 13:33 - 000146316 _____ C:\WINDOWS\system32\perfc010.dat 2019-12-22 04:42 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2019-12-21 19:01 - 2018-11-26 21:13 - 000000000 ____D C:\Users\marco\Desktop\d4c 2019-12-21 11:41 - 2019-07-04 22:04 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-12-19 06:30 - 2014-09-13 11:45 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-12-14 14:00 - 2019-09-15 22:04 - 000003672 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-12-14 14:00 - 2019-09-15 22:04 - 000003548 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-12-12 20:41 - 2019-05-17 20:42 - 000013916 _____ C:\Users\marco\Desktop\IK2LFF Live.wcst 2019-12-12 07:43 - 2014-09-16 04:54 - 000000000 ____D 
C:\WINDOWS\system32\MRT 2019-12-12 07:38 - 2014-09-17 06:18 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-12-11 11:28 - 2015-12-14 18:04 - 000000000 ___RD C:\Users\marco\3D Objects 2019-12-11 11:28 - 2014-09-13 11:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-12-11 11:26 - 2019-09-15 21:30 - 000556832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-12-10 20:12 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-12-10 19:47 - 2019-09-15 22:04 - 000004682 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2019-12-10 19:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-12-10 19:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-12-10 19:28 - 2019-09-15 22:04 - 000004718 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2019-12-09 20:48 - 2019-05-21 11:19 - 000000000 ____D C:\Users\marco\Desktop\manuali flex 2019-12-09 13:13 - 2019-04-30 17:33 - 000000000 ____D C:\Users\marco\AppData\Roaming\FlexRadio Systems 2019-12-08 07:53 - 2018-03-01 19:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-12-06 21:25 - 2019-09-15 22:04 - 000003424 _____ C:\WINDOWS\system32\Tasks\riavvia pc 2019-12-06 20:13 - 2016-09-11 22:42 - 000000000 ____D C:\Program Files (x86)\SwannView Link 2019-12-05 23:03 - 2017-03-10 22:58 - 000000000 ____D C:\Users\marco\AppData\Local\WhatsApp 2019-12-05 23:03 - 2017-03-10 22:00 - 000000000 ____D C:\Users\marco\AppData\Roaming\WhatsApp 2019-12-05 20:43 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF ==================== Files in the root of some directories ======== 2014-09-13 15:37 - 2015-04-08 21:01 - 000026528 _____ () C:\Users\marco\AppData\Roaming\net.telestream.producer.xml 
2017-04-26 19:52 - 2019-12-27 15:09 - 000041666 _____ () C:\Users\marco\AppData\Roaming\net.telestream.wirecast.xml 2017-12-25 09:58 - 2017-12-25 09:58 - 000000119 _____ () C:\Users\marco\AppData\Roaming\Network Monitor II_#0_Traffic.ini 2019-05-17 19:50 - 2019-05-17 20:12 - 000000554 _____ () C:\Users\marco\AppData\Roaming\pc-capture-log.txt 2019-05-24 00:23 - 2019-05-24 00:23 - 000004581 _____ () C:\Users\marco\AppData\Roaming\SoundBytePrefs 2019-06-09 17:37 - 2018-06-20 06:19 - 001061610 _____ () C:\Users\marco\AppData\Roaming\VoiceKeyerUserManual.pdf 2019-05-17 20:41 - 2019-12-27 15:19 - 000004697 _____ () C:\Users\marco\AppData\Roaming\VoiceMeeterDefault.xml 2014-09-13 11:31 - 2015-12-14 12:24 - 003479951 _____ () C:\Users\marco\AppData\Local\BTServer.log 2014-09-29 22:17 - 2019-11-10 00:51 - 000007650 _____ () C:\Users\marco\AppData\Local\Resmon.ResmonCfg 2015-04-04 01:29 - 2015-04-04 01:29 - 000000000 _____ () C:\Users\marco\AppData\Local\{D0DE6BB2-EBBC-4CA4-9ECB-0AC757285297} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== let me know how to proceed, many thks for your help Addition.txt
  4. Ciao all. I'm struggling with this trojan... Trojan:JS/Denali.A!ml. Defender is intercepting it but it is not able to clean it; every day the trojan comes alive again. Malwarebytes is not intercepting it and I don't know how to clean my Win 10 system. Any tips? thks Marco.