Ciao all.

I'm struggling with this trojan...

Trojan:JS/Denali.A!ml

Defender is intercepting it but it is not able to clean it; every day the trojan comes alive again.

Malwarebytes is not intercepting it and I don't know how to clean my Win 10 system.

Any tips?

Thanks,

Marco.


Hello, welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Please post the logs for my review.

Wait for further instructions.
====

P.S.
Let me know if the browser you normally use is synced with other devices.


Hey nasdaq, attached are the results, and yes, I'm using Chrome on an iPhone and on a Mac too, synced.

Defender is saying the infection is located at AppData\Local\Microsoft\Windows\INetCache\IE but there are no files there.

Here is the FRST.txt:

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.3.532\AsusWSWinService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(ASUSTeK Computer Inc. -> ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc. -> Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(FabulaTech -> FabulaTech) C:\Windows\System32\ftvspksrv.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\DAX\DAX.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\SmartSDR CAT\Cat.exe
(FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems) C:\Program Files\FlexRadio Systems\SmartSDR v3.1.8\SmartSDR.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\JTAlert.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\plugins\JTAlertV2.Decodes.exe
(HamApps by VK3AMA) [File not signed] C:\Program Files (x86)\HamApps\JTAlert\plugins\JTAlertV2.Manager.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\ScanToPCActivationApp.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HamRadioDeluxe.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDLogbook.exe
(HRD Software, LLC -> HRD Software, LLC) C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDRotator.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1254400 2015-12-18] (r2 Studios) [File not signed]
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] () [File not signed]
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\...\Run: [HP OfficeJet Pro 6960 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\ScanToPCActivationApp.exe [3769992 2017-07-04] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-12-09] (Apple Inc. -> Apple Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
Startup: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Term_2k_USB.exe [2014-09-13] () [File not signed]
Startup: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Term_2k_USB.lnk [2017-12-10]
ShortcutTarget: Term_2k_USB.lnk -> C:\Users\marco\Desktop\sw\sw ham\Term_2k_USB.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000F4EBB-4423-4728-B26D-F44B4FA8E230} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0445BE25-4AD0-47ED-A989-F21E10FED06C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {04B242A4-F16B-4A39-B20E-D203E3581180} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [296216 2013-08-05] (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {073BCDCC-FFB4-4A7E-A1D5-3E1F62572FC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0C1293AE-3445-4A17-845D-024AF68FB587} - \WPD\SqmUpload_S-1-5-21-3143613807-2781972967-2259573072-1001 -> No File <==== ATTENTION
Task: {0F67C0AD-2D0D-47CF-9D8A-242CEC4E6FBC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {142B2291-47B6-469D-A0D0-CD771A2E36A4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1445DC2A-E17B-4A45-A234-DEC89E924BF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {15D2251E-C459-4482-8C26-6F5CB8860B7C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {235DA2E0-4E2F-4E4A-960E-0DD02B753D57} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2458CA08-1AA6-4464-98CA-545AAB0EA619} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [196096 2013-11-12] (ASUSTeK) [File not signed]
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35C25556-44A2-402D-ABBE-6509C20AC626} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {40F78997-0C7A-4909-BF04-B1FEA04CC5DD} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [21784 2013-08-24] (ASUSTeK Computer Inc. -> )
Task: {4737662E-F78D-4761-B345-6CB4421E5612} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {4D92DE9A-48A5-4566-BB62-E5E849A8BC7A} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [548512 2013-04-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4E56A226-CC00-480D-9A7E-B5C1DF3DB4E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5A45FF81-C003-4E7C-9E47-44A59B4E3AF5} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [929424 2014-01-17] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {5AF4B432-AAE2-4FB4-9DA6-1732B14CEB14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CAF9EE7-541F-4D0B-9D4A-4F76A0302BB5} - System32\Tasks\{15A077B3-86A0-4146-85F0-C391AA08AAF2} => C:\Windows\system32\pcalua.exe -a C:\Users\marco\AppData\Local\Temp\Temp1_0001-Install_Win8_8.1_Win7_Vista_6112_03122014.zip\Install_Win8_8.1_Win7_Vista_6112_03122014\setup.exe <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EE725FE-A710-44CC-A571-588677D259DF} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1568056 2014-01-23] (ASUSTeK Computer Inc. -> Microsoft)
Task: {6F1AEC3A-5C5A-4FFF-8D6E-ADEB2856B81D} - System32\Tasks\slice master => C:\Users\marco\Desktop\slice-master.exe
Task: {80F6DC55-281B-404F-9904-AA8BC380DD66} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82E743DA-55E8-43E6-A8C6-DE8D208249E4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {83AD7074-EA4B-40C1-97CE-04112BD09867} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8478E589-CA4F-449D-9A90-A96DC7AD4055} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 6960 => C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\HPCustPartic.exe [6438536 2017-07-04] (Hewlett Packard -> HP Inc.)
Task: {84DC7A52-C8E7-4B18-A351-8A0B95CA1052} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {855A8C90-14D3-47E1-8FE0-FA6BCF4333B3} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
Task: {860EB8B2-0882-4C8E-9443-A54AEE5E6F0A} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [919696 2013-11-28] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8747CF68-DC18-4226-9295-F18C15E5FAFD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A2593569-6F7C-467A-B2A3-F08775459872} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {A5439EC2-2A32-429E-BEA7-F4D9F9136166} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [930104 2013-11-29] (ASUSTeK Computer Inc. -> )
Task: {B5341B54-EA37-4286-97DA-443A91339EB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB0FEEE0-6515-4BCA-B92E-2C36F8B4E3E6} - System32\Tasks\lancia wires x => C:\Program Files (x86)\YAESUMUSEN\WIRES-X\Wires-X.exe
Task: {BD425382-DFC5-4CA7-AB12-03C1FFC7FBF1} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [225080 2013-11-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {C8A1D4D4-FAA7-4F62-9E7A-C69EFD60D31F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA7A8031-BAB3-4C99-A238-4B1BB11DCEB7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CC74B047-C3FC-45EE-AC0A-BAB131FD71AC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D11F2DC8-7D8B-4D84-9B2E-EC3213C764A9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7E5A97D-2B4D-4A6E-AD33-CFBB21EAD09D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {DB6D0FD1-9B38-42AB-83FE-9C65A8A87258} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {F023B576-D07C-48DE-AC21-9355AA75BF47} - System32\Tasks\riavvia pc => shutdown [Argument = -r -t 0]
Task: {FA8BAD70-3247-4C1C-A950-B4C4A6B19642} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe)
Task: {FD19B95F-D4AB-4F16-8897-D9C90B17C1F2} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [28623752 2017-11-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{542b94ec-b405-48df-9533-d16ab22f0d3d}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b25b3583-bee4-46a0-a26d-2116864e1da1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b265b70a-18a7-4b03-824a-e36a8406e495}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3143613807-2781972967-2259573072-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3143613807-2781972967-2259573072-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\marco\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3143613807-2781972967-2259573072-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\marco\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.it/?gfe_rd=cr&ei=WtAOVuebBKmH8Qe1x5WQDA&gws_rd=ssl","hxxps://translate.google.it/","hxxp://www.qrz.com/","hxxp://www.dx-world.net/","hxxp://iono.jpl.nasa.gov/latest_rti_global.html","hxxp://www.reversebeacon.net/dxsd1/dxsd1.php?f=20","hxxps://www.pskreporter.info/pskmap.html?IK2LFF","hxxp://www.hrdlog.net/Default.aspx","hxxps://secure.clublog.org/index.php","hxxp://dxnews.com/","hxxp://www.arifidenza.it/Forum/","hxxp://www.hamradioweb.org/forums/","hxxp://qz.com/","hxxp://the-digital-reader.com/","hxxp://techcrunch.com/","hxxps://hamspots.net/"
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://mail.google.com; hxxps://mysecurity.eufylife.com; hxxps://ticketing.eolo.it; hxxps://www.autoscout24.it; hxxps://www.facebook.com
CHR Profile: C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default [2020-01-03]
CHR DownloadDir: C:\Users\marco\Desktop
CHR Extension: (Presentazioni) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenti) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Facebook) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-09-13]
CHR Extension: (Google Search) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Fogli) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (qo - Quotidiani Online) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjgihlgkabklkgdfebkjacffgcflmbp [2015-06-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2015-03-04]
CHR Extension: (Documenti Google offline) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-07-01]
CHR Extension: (Kobo Instant Reader) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknhjclcchfapglhbceedkoldnkmmhcc [2014-09-13]
CHR Extension: (Cisco Webex Extension) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-13]
CHR Extension: (Skype) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2020-01-01]
CHR Extension: (Save to Pocket) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-09-25]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Blue Jeans Meeting) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2019-02-07]
CHR Extension: (Gmail) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [278544 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] (ASUSTeK Computer Inc. -> )
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.3.532\AsusWSWinService.exe [75264 2015-08-21] (ASUS Cloud Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ftvspksrv; C:\WINDOWS\system32\ftvspksrv.exe [462152 2017-05-27] (FabulaTech -> FabulaTech)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 HRD RemoteSvr; C:\Program Files (x86)\HRD Software LLC\Ham Radio Deluxe\HRDRemoteSvr.exe [1959672 2018-11-22] (HRD Software, LLC -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR TAIWAN CO., LTD -> NETGEAR)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0306583.inf_amd64_1ead8178e568f9fb\atikmdag.sys [26551312 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0306583.inf_amd64_1ead8178e568f9fb\atikmpag.sys [510992 2016-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 Capsax64Drv0; C:\WINDOWS\System32\Drivers\Capsax64Drv0.sys [35976 2014-08-15] (Colasoft LLC -> Colasoft Co., Ltd.)
R1 CSN5PDTS82x64; C:\WINDOWS\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Chengdu Colasoft Co., Ltd. -> Colasoft Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-21] (Malwarebytes Corporation -> Malwarebytes)
S3 evserial9; C:\WINDOWS\System32\DRIVERS\evserial9.sys [40448 2019-06-10] (Element 5 Limited Liability Company -> ELTIMA Software)
R3 FlexRadioSystemDAXService_Audio; C:\WINDOWS\System32\drivers\audiodax.sys [79192 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_IQ; C:\WINDOWS\System32\drivers\iqdax.sys [79320 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_MICAudio; C:\WINDOWS\System32\drivers\micaudiodax.sys [79192 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FlexRadioSystemDAXService_TX; C:\WINDOWS\System32\drivers\txdax.sys [79320 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
R3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
R3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] (Future Technology Devices International Ltd -> )
R3 ftvspenum; C:\WINDOWS\System32\drivers\ftvspenum.sys [65904 2017-05-16] (FabulaTech -> FabulaTech)
R3 ftvsport; C:\WINDOWS\system32\DRIVERS\ftvsport.sys [78696 2017-05-27] (FabulaTech -> FabulaTech)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
R1 inpoutx64; C:\WINDOWS\system32\Drivers\hrdinpoutx64.sys [15008 2017-08-12] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NANMp50; C:\WINDOWS\System32\Drivers\NANMp50.sys [46776 2010-03-25] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 NANSp50; C:\WINDOWS\System32\Drivers\NANSp50.sys [45752 2010-03-25] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-07-27] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [758352 2018-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE02; C:\WINDOWS\System32\drivers\rtwlane02.sys [9599440 2018-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [196864 2016-08-02] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.)
R3 silabenm; C:\WINDOWS\system32\DRIVERS\silabenm.sys [23552 2014-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
R3 silabser; C:\WINDOWS\system32\DRIVERS\silabser.sys [79360 2014-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2019-05-17] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VSBC9; C:\WINDOWS\System32\drivers\evsbc9.sys [127488 2019-06-10] (Element 5 Limited Liability Company -> ELTIMA Software)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 16:54 - 2020-01-03 16:56 - 000039716 _____ C:\Users\marco\Desktop\FRST.txt
2020-01-03 16:53 - 2020-01-03 16:56 - 000000000 ____D C:\FRST
2020-01-03 16:49 - 2020-01-03 16:49 - 002272256 _____ (Farbar) C:\Users\marco\Desktop\FRST64.exe
2020-01-01 17:58 - 2020-01-01 17:58 - 001648545 _____ C:\Users\marco\Desktop\wetransfer-a3496e.zip
2020-01-01 11:31 - 2020-01-01 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-01-01 11:31 - 2020-01-01 11:31 - 000000000 ____D C:\ProgramData\GridinSoft
2020-01-01 11:28 - 2020-01-01 11:28 - 000989584 _____ (GridinSoft LLC) C:\Users\marco\Desktop\setup-antimalware-993.exe
2019-12-26 11:26 - 2019-12-26 11:26 - 000721408 _____ (hxxp://lame.sf.net) C:\Users\marco\Desktop\libmp3lame.dll
2019-12-23 00:19 - 2020-01-03 16:33 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-23 00:19 - 2020-01-03 16:33 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-12-23 00:19 - 2019-12-23 00:19 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-12-23 00:19 - 2019-12-23 00:19 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-12-22 23:33 - 2019-12-22 23:44 - 000001192 _____ C:\Users\marco\.lmmsrc.xml
2019-12-22 23:32 - 2019-12-22 23:32 - 000000000 ____D C:\Users\marco\Documents\lmms
2019-12-22 18:43 - 2019-12-22 18:43 - 004519936 _____ C:\Users\marco\Desktop\2019-12-22_18-36.wav
2019-12-22 17:49 - 2019-12-22 17:49 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-12-22 17:49 - 2019-12-22 17:49 - 000001087 _____ C:\Users\Public\Desktop\Audacity.lnk
2019-12-22 17:49 - 2019-12-22 17:49 - 000001087 _____ C:\ProgramData\Desktop\Audacity.lnk
2019-12-21 19:01 - 2019-12-23 00:06 - 002912256 _____ C:\Users\marco\Desktop\2019-CQWW-SSB-D4C-final.dxn
2019-12-21 11:42 - 2019-12-21 11:42 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-14 17:33 - 2019-12-14 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-12-10 20:06 - 2019-12-10 20:06 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 20:06 - 2019-12-10 20:06 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 20:06 - 2019-12-10 20:06 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 20:06 - 2019-12-10 20:06 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 20:06 - 2019-12-10 20:06 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 20:06 - 2019-12-10 20:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-10 19:27 - 2019-12-10 19:47 - 005133880 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-12-06 21:03 - 2019-12-06 21:03 - 000764625 _____ C:\Users\marco\Desktop\rfax.pdf
2019-12-06 19:04 - 2019-12-06 19:57 - 000000000 ____D C:\Users\marco\fldigi.files
2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\Users\marco\NBEMS.files
2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\Users\marco\AppData\Roaming\fltk.org
2019-12-06 19:04 - 2019-12-06 19:04 - 000000000 ____D C:\ProgramData\fltk.org
2019-12-05 18:58 - 2019-12-05 18:58 - 000164220 _____ C:\Users\marco\Desktop\SSDR_Config_12-05-19_18.58_v3.1.8.145.ssdr_cfg
2019-12-05 18:41 - 2019-12-19 23:41 - 000000236 _____ C:\WINDOWS\QTSXXDRY.INI
2019-12-05 18:41 - 2019-12-05 18:41 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaTTY.lnk
2019-12-05 18:41 - 2019-12-05 18:41 - 000001043 _____ C:\Users\Public\Desktop\SeaTTY.lnk
2019-12-05 18:41 - 2019-12-05 18:41 - 000001043 _____ C:\ProgramData\Desktop\SeaTTY.lnk
2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\ProgramData\SeaTTY
2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaTTY
2019-12-05 18:41 - 2019-12-05 18:41 - 000000000 ____D C:\Program Files (x86)\SeaTTY

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 16:42 - 2017-04-26 20:06 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-01-03 16:38 - 2019-09-15 22:04 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B83E4589-F78E-4514-9A17-8F4E6263547A}
2020-01-03 16:34 - 2019-09-15 22:04 - 000003358 _____ C:\WINDOWS\system32\Tasks\WizMouse
2020-01-03 16:34 - 2019-07-01 22:37 - 000001118 _____ C:\Users\marco\Documents\HRD Software 7.0.lw.xml
2020-01-03 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-03 16:33 - 2014-09-13 15:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-03 16:32 - 2019-09-15 22:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-03 16:32 - 2019-09-15 21:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-03 15:58 - 2015-07-26 05:40 - 000000000 ____D C:\Users\marco\AppData\Local\WSJT-X
2020-01-03 11:09 - 2019-09-15 21:38 - 000000000 ____D C:\Users\marco
2020-01-03 11:09 - 2015-05-01 14:50 - 000000000 ____D C:\Users\marco\AppData\Local\Apple Inc
2020-01-03 11:09 - 2015-05-01 14:49 - 000000000 ____D C:\Users\marco\AppData\Local\55B986C4-08FD-4CC5-9984-E5A1149D59CD.aplzod
2020-01-02 04:35 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-02 04:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-31 15:07 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-31 04:55 - 2014-09-13 14:04 - 000000000 ____D C:\ProgramData\HRDLLC
2019-12-27 21:41 - 2018-09-23 20:58 - 000000000 ____D C:\Users\marco\AppData\Roaming\DXLog.net
2019-12-27 15:19 - 2019-05-17 20:41 - 000004697 _____ C:\Users\marco\AppData\Roaming\VoiceMeeterDefault.xml
2019-12-27 15:09 - 2017-04-26 19:52 - 000041666 _____ C:\Users\marco\AppData\Roaming\net.telestream.wirecast.xml
2019-12-27 13:53 - 2017-04-26 19:52 - 000000000 ____D C:\Users\marco\AppData\Roaming\Wirecast Play
2019-12-27 02:19 - 2018-12-19 10:30 - 000000000 ____D C:\Users\marco\AppData\Roaming\MacroCreator
2019-12-23 00:17 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-23 00:17 - 2017-12-02 11:57 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-12-23 00:02 - 2019-06-09 17:56 - 000000000 ____D C:\Users\marco\AppData\Roaming\audacity
2019-12-22 17:49 - 2019-06-09 17:56 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-12-22 11:27 - 2017-12-02 10:03 - 000000000 ____D C:\Users\marco\AppData\Local\Packages
2019-12-22 08:41 - 2015-11-08 00:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-22 05:19 - 2017-02-08 18:15 - 000000000 ____D C:\Users\marco\AppData\Local\HamApps
2019-12-22 05:18 - 2019-11-16 22:33 - 000001311 _____ C:\Users\Public\Desktop\JTAlert for WSJT-X.lnk
2019-12-22 05:18 - 2019-11-16 22:33 - 000001311 _____ C:\ProgramData\Desktop\JTAlert for WSJT-X.lnk
2019-12-22 05:18 - 2018-01-01 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamApps JTAlert
2019-12-22 04:42 - 2019-09-15 21:49 - 001758220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-22 04:42 - 2019-03-19 13:33 - 000780106 _____ C:\WINDOWS\system32\perfh010.dat
2019-12-22 04:42 - 2019-03-19 13:33 - 000146316 _____ C:\WINDOWS\system32\perfc010.dat
2019-12-22 04:42 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-21 19:01 - 2018-11-26 21:13 - 000000000 ____D C:\Users\marco\Desktop\d4c
2019-12-21 11:41 - 2019-07-04 22:04 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-19 06:30 - 2014-09-13 11:45 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-14 14:00 - 2019-09-15 22:04 - 000003672 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 14:00 - 2019-09-15 22:04 - 000003548 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-12 20:41 - 2019-05-17 20:42 - 000013916 _____ C:\Users\marco\Desktop\IK2LFF Live.wcst
2019-12-12 07:43 - 2014-09-16 04:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 07:38 - 2014-09-17 06:18 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 11:28 - 2015-12-14 18:04 - 000000000 ___RD C:\Users\marco\3D Objects
2019-12-11 11:28 - 2014-09-13 11:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 11:26 - 2019-09-15 21:30 - 000556832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 11:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-10 20:12 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-10 19:47 - 2019-09-15 22:04 - 000004682 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-10 19:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-10 19:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-10 19:28 - 2019-09-15 22:04 - 000004718 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-09 20:48 - 2019-05-21 11:19 - 000000000 ____D C:\Users\marco\Desktop\manuali flex
2019-12-09 13:13 - 2019-04-30 17:33 - 000000000 ____D C:\Users\marco\AppData\Roaming\FlexRadio Systems
2019-12-08 07:53 - 2018-03-01 19:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-06 21:25 - 2019-09-15 22:04 - 000003424 _____ C:\WINDOWS\system32\Tasks\riavvia pc
2019-12-06 20:13 - 2016-09-11 22:42 - 000000000 ____D C:\Program Files (x86)\SwannView Link
2019-12-05 23:03 - 2017-03-10 22:58 - 000000000 ____D C:\Users\marco\AppData\Local\WhatsApp
2019-12-05 23:03 - 2017-03-10 22:00 - 000000000 ____D C:\Users\marco\AppData\Roaming\WhatsApp
2019-12-05 20:43 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ========

2014-09-13 15:37 - 2015-04-08 21:01 - 000026528 _____ () C:\Users\marco\AppData\Roaming\net.telestream.producer.xml
2017-04-26 19:52 - 2019-12-27 15:09 - 000041666 _____ () C:\Users\marco\AppData\Roaming\net.telestream.wirecast.xml
2017-12-25 09:58 - 2017-12-25 09:58 - 000000119 _____ () C:\Users\marco\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2019-05-17 19:50 - 2019-05-17 20:12 - 000000554 _____ () C:\Users\marco\AppData\Roaming\pc-capture-log.txt
2019-05-24 00:23 - 2019-05-24 00:23 - 000004581 _____ () C:\Users\marco\AppData\Roaming\SoundBytePrefs
2019-06-09 17:37 - 2018-06-20 06:19 - 001061610 _____ () C:\Users\marco\AppData\Roaming\VoiceKeyerUserManual.pdf
2019-05-17 20:41 - 2019-12-27 15:19 - 000004697 _____ () C:\Users\marco\AppData\Roaming\VoiceMeeterDefault.xml
2014-09-13 11:31 - 2015-12-14 12:24 - 003479951 _____ () C:\Users\marco\AppData\Local\BTServer.log
2014-09-29 22:17 - 2019-11-10 00:51 - 000007650 _____ () C:\Users\marco\AppData\Local\Resmon.ResmonCfg
2015-04-04 01:29 - 2015-04-04 01:29 - 000000000 _____ () C:\Users\marco\AppData\Local\{D0DE6BB2-EBBC-4CA4-9ECB-0AC757285297}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Let me know how to proceed, many thanks for your help.

Addition.txt
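As an added example (not part of this thread and not FRST's own code), a small Python triage script that parses Services/Drivers lines in the FRST layout shown in the log above and flags the entries a reviewer would look at first: files FRST marks "[File not signed]", drivers whose signer is a WDK test certificate (the "WDKTestCert" prefix is what the WDK's test-signing tooling generates), and files with no company name in their version info. The sample lines are copied from the log above; the flagging rules are my own review heuristics, not FRST's, and a flag means "check this", not "malicious" (old vendor drivers are often unsigned).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: Services/Drivers lines copied from the FRST log in this thread.
# FRST layout: <state> <name>; <path> [<size> <date>] (<signer> -> <company>) [File not signed]
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ===================
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] (ASUSTeK Computer Inc. -> )
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
===================== Drivers (Whitelisted) ===================
R3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [196864 2016-08-02] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.)
R3 FlexRadioSystemDAXService_IQ; C:\WINDOWS\System32\drivers\iqdax.sys [79320 2019-08-02] (FlexRadio Systems (Bronze Bear Communications, Inc.) -> FlexRadio Systems)
"""

# Section banners look like "==================== Services (Whitelisted) ==================="
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")

# The signer/company text can itself contain parentheses (e.g. "Intel(R) Corporation"),
# so that group is greedy and the optional "[File not signed]" suffix is anchored to
# the end of the line; the regex backtracks to the correct closing parenthesis.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<sig>.*)\)(?P<unsigned>\s+\[File not signed\])?\s*$"
)


@dataclass
class Entry:
    section: str
    state: str            # R = running, S = stopped, digit = start type
    name: str
    path: str
    size: int
    date: str
    signer: Optional[str]  # Authenticode signer; None when FRST printed no "->"
    company: str           # company name from the file's version resource
    unsigned: bool         # FRST printed "[File not signed]"


def parse_entries(text: str) -> List[Entry]:
    """Parse Services/Drivers lines, tracking which FRST section each one is in."""
    entries: List[Entry] = []
    section = ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # comment lines, blank lines, other sections
        sig = m.group("sig")
        if " -> " in sig:
            signer, company = (s.strip() for s in sig.split(" -> ", 1))
        else:
            signer, company = None, sig.strip()
        entries.append(Entry(section, m.group("state"), m.group("name").strip(),
                             m.group("path"), int(m.group("size")), m.group("date"),
                             signer, company, m.group("unsigned") is not None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (finding, entry name) pairs for entries worth a reviewer's attention.

    Heuristics (mine, not FRST's): unsigned binaries, test-signed drivers, and
    binaries whose version info carries no company name.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.unsigned:
            findings.append(("unsigned", e.name))
        elif e.signer is not None and e.signer.startswith("WDKTestCert"):
            findings.append(("test-signed", e.name))
        if not e.company:
            findings.append(("no-company", e.name))
    return findings


def main() -> None:
    for kind, name in triage(parse_entries(SAMPLE_LOG)):
        print(f"{kind:12s} {name}")


if __name__ == "__main__":
    main()
```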

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt.

If the problem persists and Chrome is synced with other devices, reset it.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Let me know if the problem is solved.

fixlist.txt

Edited by nasdaq

Hey Nasdaq,

I ran the fix, and this is the txt report.

It looks like it did its job; now I'll run a scan with both Defender and Malwarebytes, and I'll keep you posted if the Trojan pops up again.

 

Many thks for your support, awesome, not easy to find this level of help!

really appreciated.
Fixlog.txt

Hey nasdaq, unfortunately the Trojan popped up again!

I followed your second tip with the Chrome accounts, but unfortunately it is in the system. Malwarebytes is not able to intercept it, only Defender, so probably the infection is not cleaned by the removal tool provided by Defender, and Malwarebytes is not intercepting it.

Any help please? I read it's quite dangerous, many thanks for your help.

Ciao.

Hello marcorinaldi.

I regret to see that your last post has been overlooked. It looks to me that you are reporting that Windows Defender on Windows 10 continues to notify you about some file.

Windows 10 includes Microsoft Windows Defender, which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows, without having to create bootable media.

Click the Windows Start menu button on the Taskbar and select the Settings icon. Then choose Update and Security.

In Windows Settings, click on Windows Security in the list on the left.
Next, in the Windows Security section, click on the grey button Open Windows Security.
Then click on the blue Scan options.
Look down the options list and tick Windows Defender Offline scan. Then click the grey "Scan now" button

and let it scan the system.

Keep in mind that what Windows Defender scans, and how it scans it, is a completely different design from Malwarebytes. But do let me know how this scan goes and what the result is.
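The same steps can be done from an elevated PowerShell prompt on Windows 10 using the built-in Defender module. This is an added example and not part of the original thread or either helper's instructions; it assumes the threat name and the INetCache\IE path exactly as the original poster reported them, and it ends by starting the Offline scan (which reboots the machine), so run it only when ready for that.

```powershell
# Added example (not from the forum thread). Run as Administrator on Windows 10.
# Cmdlets come from the built-in Defender module (Get-MpThreat, Get-MpThreatDetection,
# Start-MpWDOScan). Threat name and folder are taken from the poster's report.

$threatName = 'Trojan:JS/Denali.A!ml'                      # reported by the poster
$cachePath  = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache\IE'

# 1. Map the threat name to its numeric IDs, then pull every detection record for
#    those IDs. 'Resources' holds the object Defender flagged (e.g. file:_C:\...),
#    which is more precise than the path shown in the notification toast.
$ids  = Get-MpThreat |
        Where-Object { $_.ThreatName -eq $threatName } |
        Select-Object -ExpandProperty ThreatID

$hits = Get-MpThreatDetection | Where-Object { $ids -contains $_.ThreatID }

$hits | Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ActionSuccess, ProcessName,
                  @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# 2. The cache folder Defender names can be hidden/system, so Explorer may show it
#    as empty. -Force lists hidden and system entries as well.
Get-ChildItem -LiteralPath $cachePath -Force -Recurse -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 20 FullName, Length, LastWriteTime

# 3. Start the Windows Defender Offline scan. The machine restarts and scans from
#    outside the running OS; results appear under Protection history after boot.
Start-MpWDOScan
```

Step 1 is worth running before anything else: a detection that keeps reappearing in a browser cache with the same `Resources` path each day points to the file being re-downloaded rather than surviving cleanup, which is the same line of reasoning behind the earlier advice to reset Chrome sync.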

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks