Solved Malwarebytes keep saying that it blocked a trojan

[WatuZ]

Malwarebytes keep saying that it blocked a trojan from an inbound connection on different ip adresses and I was wondering if I have a virus or malware on my system.

 

[WatuZ]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by ander (administrator) on DESKTOP-VPP14F8 (MSI MS-7998) (29-12-2019 02:43:23)
Running from C:\Users\ander\Downloads
Loaded Profiles: ander (Available Profiles: ander)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: Svenska (Sverige)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [Discord] => C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1950752 2019-12-19] (TEFINCOM S.A. -> NordVPN)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3FB86F57-5B69-4CAF-9543-301955B31786} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {40C1AD0A-D13F-4510-B5C1-3515E0D7E4CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)
Task: {A830BD2B-D4A4-4EAA-9983-EF7E92A27978} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA79E67E-F035-462E-BDE2-4CF79325E11C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {D94EA18D-9174-415B-8A20-8C26B31180BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBADFE7B-BA37-427F-A4D9-E98566C200BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5296EC1-4038-43BA-9197-5F5DC43C541F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF9430CA-BD43-4798-AA8F-441F1B25F5B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 83.255.255.1 83.255.255.2
Tcpip\..\Interfaces\{239a7ab9-d5b0-4ee1-b1bc-afd427b2eeed}: [DhcpNameServer] 83.255.255.1 83.255.255.2
Tcpip\..\Interfaces\{eb812b38-fd97-4329-9ab5-0b2200a32e2a}: [DhcpNameServer] 103.86.96.100 103.86.99.100

Internet Explorer:
==================
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://entgaming.net/entconnect/1
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-07] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-07] (Google LLC -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://websearch.searchboxes.info/?pid=298&r=2013/07/20&hid=2658533162&lg=EN&cc=SE&unqvl=28
CHR StartupUrls: Default -> "hxxp://www.dota2.com/leaderboards/#americas","hxxps://www.youtube.com/watch?v=gvbcnWULwJ4","hxxps://www.youtube.com/watch?v=_I-xFIRyKVU&index=146&list=PLvKV_Qc64JR_49F7LmBf9kOKELY-7m7Lz","hxxps://www.youtube.com/watch?v=i4SupiOPPCo","hxxps://www.youtube.com/watch?v=2o-ndHHQFL0&index=1&list=PL7VDr58somPlUFKo-BTahr6UK7TokvNW0","hxxps://www.youtube.com/playlist?list=PLmBNQlZMGQ3XQK9xO41fcnA3Ejf4n1Oul","hxxps://www.youtube.com/user/TrumpSC/videos","hxxps://tempostorm.com/hearthstone/meta-snapshot/standard/2016-11-19","hxxps://www.youtube.com/watch?v=qGbgUA_wXYI","hxxps://www.youtube.com/watch?v=tv0p03214gA","hxxps://www.youtube.com/watch?v=qHZpUbT4alA","hxxps://www.faceit.com/en/players/WatuZ","hxxps://www.youtube.com/watch?v=Rh_5IR586h0","hxxps://www.good-gaming.com/tournament/results/53","hxxps://www.youtube.com/watch?v=NQNwjEkszvg","hxxps://www.youtube.com/watch?v=0NcIGBKXMOE","hxxps://www.youtube.com/watch?v=J5eT_fV_Kd8","hxxps://www.youtube.com/watch?v=QFS8VbFw8q8","hxxps://www.youtube.com/watch?v=DOnnVY4cyZU","hxxps://www.youtube.com/feed/subscriptions","hxxps://www.reddit.com/r/hearthstone/#res:ner-page=2","hxxps://www.youtube.com/watch?v=9Bnu0UrgxBg","hxxps://www.reddit.com/r/DotA2/","hxxps://www.youtube.com/watch?v=6iAbin7eCns&index=21&list=PLcX2deN0eVvIpFP9LDDQRuKhN2ugt3sII","hxxps://www.youtube.com/watch?v=qHZpUbT4alA","hxxps://www.komplett.se/product/902540/datorutrustning/mustangentbord/gamingmus/razer-deathadder-elite-chroma-gaming-mus?gclid=CjwKEAiA1ITCBRDO-oLA-q_n8xYSJADjBQfG-VUw3MGiZxzzCnADPOSCn7DYbM-aFwQger0UchbQwBoCtNbw_wcB&gclsrc=aw.ds#technical-details","hxxps://www.youtube.com/watch?v=_Di5DVzIrUQ","hxxps://www.youtube.com/watch?v=6P9HNaxHZHI","hxxps://www.youtube.com/watch?v=KQbaASz6LtQ","hxxp://fantasy.prizetrac.kr/bostonmajor2016/overview","hxxps://www.youtube.com/watch?v=AZxnEcCVzHQ&list=PL7VDr58somPkiQ5XtkQrT024krzLbdqje&index=45","hxxps://www.youtube.com/watch?v=D4HFvyRXsVY","hxxps://www.youtube.com/watch?v=n42JN-TMSkk","hxxps://www.youtube.com/watch?v=PAR-HhR0Vp0","hxxps://strike.good-gaming.com/results/ebf2492f-594c-4a4f-b9e7-2c37595b75b2","hxxps://gyazo.com/e738609d2ec0aaf34acc2838e0c8e61e","hxxps://gyazo.com/e5df123bc62165c0373d00523c0f3dae","hxxps://gyazo.com/2c90e30221f37242fb139cb4c8be9d6a","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default [2019-12-29]
CHR Extension: (Presentationer) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-18]
CHR Extension: (BetterTTV) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-12-09]
CHR Extension: (Dokument) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-18]
CHR Extension: (Google Drive) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-18]
CHR Extension: (YouTube) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-18]
CHR Extension: (uBlock Origin) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-29]
CHR Extension: (Tampermonkey) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-07]
CHR Extension: (FrankerFaceZ) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-08-18]
CHR Extension: (Kalkylark) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-18]
CHR Extension: (Google Dokument Offline) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-18]
CHR Extension: (Imagus) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2019-08-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-12-22]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-09-11] (Apple Inc. -> Apple Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-05-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [222240 2019-12-19] (TEFINCOM S.A. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-20] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-12-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-12-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-12-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-12-26] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fd332b7c7ad5fe7e\nvlddmkm.sys [22347976 2019-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-29 02:43 - 2019-12-29 02:43 - 000022109 _____ C:\Users\ander\Downloads\FRST.txt
2019-12-29 02:41 - 2019-12-29 02:43 - 000000000 ____D C:\FRST
2019-12-29 02:41 - 2019-12-29 02:41 - 000000000 ____D C:\Users\ander\Downloads\FRST-OlderVersion
2019-12-29 02:40 - 2019-12-29 02:41 - 002272256 _____ (Farbar) C:\Users\ander\Downloads\FRST64 (1).exe
2019-12-27 21:00 - 2019-12-27 21:01 - 000001509 _____ C:\Users\ander\Desktop\X.lnk
2019-12-27 04:01 - 2019-12-27 04:01 - 000000017 _____ C:\Users\ander\AppData\Local\resmon.resmoncfg
2019-12-26 16:25 - 2019-12-27 16:28 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-26 16:25 - 2019-12-27 16:28 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-12-26 16:25 - 2019-12-26 16:25 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-12-26 16:25 - 2019-12-26 16:25 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-12-26 16:24 - 2019-12-26 16:24 - 000000000 ____D C:\Users\ander\AppData\Local\ElevatedDiagnostics
2019-12-24 23:08 - 2019-12-24 23:08 - 000002055 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-12-24 23:08 - 2019-12-24 23:08 - 000002055 _____ C:\ProgramData\Desktop\NordVPN.lnk
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Users\ander\AppData\Local\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\Caphyon
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Program Files (x86)\NordVPN
2019-12-20 15:55 - 2019-12-20 15:55 - 034601768 _____ (ExpressVPN) C:\Users\ander\Downloads\expressvpn_7.7.11.4.exe
2019-12-20 15:52 - 2019-12-20 15:52 - 000000008 _____ C:\Users\ander\Desktop\lösen.txt
2019-12-20 15:11 - 2019-12-20 15:11 - 000042927 _____ C:\Users\ander\Downloads\harry-potter-and-the-chamber-of-secrets-swedish-yify-61608.zip
2019-12-20 15:11 - 2007-11-30 14:30 - 000113330 _____ C:\Users\ander\Desktop\Harry.Potter.And.The.Chamber.Of.Secrets.2002.720p.BluRay.x264-SiNNERS.srt
2019-12-20 15:07 - 2019-12-27 04:13 - 000000000 ____D C:\Users\ander\Documents\filmer
2019-12-20 11:52 - 2019-12-20 11:52 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-19 03:06 - 2019-12-19 03:06 - 000808002 _____ C:\Users\ander\Downloads\window-on-top.zip
2019-12-19 03:06 - 2019-12-19 03:06 - 000001248 _____ C:\Users\ander\Desktop\Window On Top.lnk
2019-12-19 03:06 - 2019-12-19 03:06 - 000000000 ____D C:\Users\ander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skybn Software
2019-12-19 03:06 - 2019-12-19 03:06 - 000000000 ____D C:\Users\ander\AppData\Local\skybn
2019-12-16 07:44 - 2019-12-16 07:46 - 000000000 ____D C:\ProgramData\HitmanPro
2019-12-16 07:44 - 2019-12-16 07:45 - 011575104 _____ (SurfRight B.V.) C:\Users\ander\Downloads\HitmanPro_x64.exe
2019-12-16 01:06 - 2019-12-16 01:06 - 000004032 _____ C:\Users\ander\Documents\cc_20191216_010611.reg
2019-12-16 01:04 - 2019-12-16 01:05 - 000085240 _____ C:\Users\ander\Documents\cc_20191216_010403.reg
2019-12-16 01:02 - 2019-12-23 10:07 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-16 01:02 - 2019-12-16 01:02 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-12-16 01:02 - 2019-12-16 01:02 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-12-16 01:02 - 2019-12-16 01:02 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-12-16 01:02 - 2019-12-16 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-12-16 01:02 - 2019-12-16 01:02 - 000000000 ____D C:\Program Files\CCleaner
2019-12-11 16:47 - 2019-12-11 16:47 - 000000000 ____D C:\Users\ander\AppData\Local\Apps\2.0
2019-12-11 14:34 - 2019-12-11 14:34 - 000002132 _____ C:\Users\ander\Desktop\JDownloader 2.lnk
2019-12-11 14:34 - 2019-12-11 14:34 - 000000000 ____D C:\Users\ander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-12-11 14:33 - 2019-12-11 15:01 - 000000000 ____D C:\Users\ander\AppData\Local\JDownloader 2.0
2019-12-11 14:32 - 2019-12-11 14:32 - 045339480 _____ (AppWork GmbH) C:\Users\ander\Downloads\JDownloaderSetup.exe
2019-12-11 14:21 - 2019-03-22 10:14 - 000006184 _____ C:\Users\ander\Desktop\Video Stream Downloader (Example-2).ipynb
2019-12-11 14:21 - 2019-03-22 10:14 - 000001464 _____ C:\Users\ander\Desktop\Video Stream Downloader (Example-1).ipynb
2019-12-11 14:15 - 2019-12-11 14:15 - 026406312 _____ (Python Software Foundation) C:\Users\ander\Downloads\python-3.8.0.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 23:43 - 2019-12-10 23:43 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 23:43 - 2019-12-10 23:43 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-09 17:44 - 2019-12-09 17:44 - 000000000 ____D C:\Users\ander\AppData\Local\cache
2019-12-06 06:08 - 2019-12-06 06:08 - 000044304 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-28 23:45 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-28 22:12 - 2019-08-20 19:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-28 17:12 - 2019-08-31 05:52 - 000000044 _____ C:\Users\ander\jagex_cl_oldschool_LIVE.dat
2019-12-28 17:12 - 2019-08-31 05:52 - 000000024 _____ C:\Users\ander\random.dat
2019-12-28 17:04 - 2019-08-18 17:37 - 000000000 ____D C:\Program Files (x86)\Steam
2019-12-28 06:00 - 2019-08-22 21:22 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-27 21:11 - 2019-09-29 07:43 - 000000000 ____D C:\Users\ander\AppData\Roaming\qBittorrent
2019-12-27 16:37 - 2019-08-20 19:54 - 001691002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-27 16:37 - 2019-03-19 12:41 - 000713712 _____ C:\WINDOWS\system32\perfh01D.dat
2019-12-27 16:37 - 2019-03-19 12:41 - 000145586 _____ C:\WINDOWS\system32\perfc01D.dat
2019-12-27 16:37 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-27 16:28 - 2019-08-20 19:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-27 06:07 - 2019-09-29 09:00 - 000000000 ____D C:\Users\ander\AppData\Roaming\vlc
2019-12-27 04:34 - 2019-08-18 17:27 - 000000000 ___RD C:\Users\ander\OneDrive
2019-12-27 04:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-27 03:41 - 2019-10-25 18:59 - 000000000 ____D C:\Riot Games
2019-12-26 16:25 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-26 16:24 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-26 16:16 - 2019-08-25 03:44 - 000000000 ____D C:\Users\ander\AppData\Local\CrashDumps
2019-12-24 23:05 - 2019-08-31 05:52 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-22 08:00 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-22 07:55 - 2019-08-19 13:29 - 000000000 ____D C:\Users\ander\AppData\Roaming\Discord
2019-12-20 15:50 - 2019-08-18 17:25 - 000000000 ____D C:\Users\ander\AppData\Local\Packages
2019-12-20 11:52 - 2019-09-16 23:25 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-20 04:50 - 2019-08-18 17:33 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-20 04:50 - 2019-08-18 17:33 - 000002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-20 04:50 - 2019-08-18 17:33 - 000002256 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-17 05:38 - 2019-08-18 17:27 - 000000000 ____D C:\Users\ander\AppData\Local\D3DSCache
2019-12-16 01:09 - 2019-10-12 19:31 - 000000000 ____D C:\ProgramData\Origin
2019-12-16 01:03 - 2019-08-20 14:20 - 000000000 ___DC C:\WINDOWS\Panther
2019-12-16 01:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-13 19:25 - 2019-08-20 19:47 - 000257712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-13 19:25 - 2019-08-18 17:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-13 19:25 - 2019-08-18 17:25 - 000000000 ___RD C:\Users\ander\3D Objects
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-12 08:47 - 2019-08-18 17:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 08:46 - 2019-08-18 17:31 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-10 23:45 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-09 17:44 - 2019-09-16 23:25 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-09 17:44 - 2019-09-16 23:25 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-09 17:43 - 2019-09-16 23:25 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-12-07 23:10 - 2019-08-18 17:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-07 12:13 - 2019-08-20 19:50 - 000003516 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-07 12:13 - 2019-08-20 19:50 - 000003392 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2019-09-29 08:59 - 2019-09-29 08:59 - 000000023 _____ () C:\Program Files\plugins.dat
2019-09-21 20:50 - 2019-09-27 08:28 - 000000726 _____ () C:\Users\ander\AppData\Roaming\MPQEditor.ini
2019-12-27 04:01 - 2019-12-27 04:01 - 000000017 _____ () C:\Users\ander\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[WatuZ]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by ander (29-12-2019 02:44:18)
Running from C:\Users\ander\Downloads
Windows 10 Home Version 1903 18362.535 (X64) (2019-08-20 18:50:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1277248211-1705506319-2216919589-500 - Administrator - Disabled)
ander (S-1-5-21-1277248211-1705506319-2216919589-1001 - Administrator - Enabled) => C:\Users\ander
DefaultAccount (S-1-5-21-1277248211-1705506319-2216919589-503 - Limited - Disabled)
Gäst (S-1-5-21-1277248211-1705506319-2216919589-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1277248211-1705506319-2216919589-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Discord (HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{1F65DF2C-97B0-402F-A484-FDEC48DB63A1}) (Version: 6.26.7 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.26.7) (Version: 6.26.7 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA Grafikdrivrutin 436.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.02 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
paint.net (HKLM\...\{39136CF7-E6F5-4DE0-9AB6-EFB45F464590}) (Version: 4.2.4 - dotPDN LLC)
qBittorrent 4.1.8 (HKLM-x32\...\qBittorrent) (Version: 4.1.8 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
RuneLite (HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\RuneLite Launcher_is1) (Version: 2.0.2 - RuneLite)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Window On Top version 3.8 (HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)

Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-18] (Microsoft Corporation) [MS Ad]
MSN Väder -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0 [2019-12-20] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-08-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-24 13:50 - 2018-07-24 13:50 - 000217887 _____ () [File not signed] C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
2018-07-24 13:50 - 2018-07-24 13:50 - 000119167 _____ () [File not signed] C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
2019-10-16 05:32 - 2019-10-16 05:32 - 000262656 _____ () [File not signed] C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2018-07-24 13:50 - 2018-07-24 13:50 - 003028053 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libcrypto-1_1-x64.dll
2018-07-24 13:50 - 2018-07-24 13:50 - 000625540 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libssl-1_1-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-18 18:06 - 2019-10-01 11:40 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%systemroot%\system32\windowspowershell\v1.0\;%systemroot%\system32\openssh\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1245EB54-41D9-4FEA-B807-F446057DBC4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{203D9071-5AD1-4DA4-9A16-21ED85516DF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{75849845-B164-4A24-ABE7-B540463C138E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{8C0B48DA-33E2-466F-96B8-FD9D308CDE33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{A3529C59-5F8C-48FD-BA79-D688F00974B2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{554612FA-46A9-4DAC-920C-AED94AC3B7F5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B2C4CD20-E89B-4167-89CA-F40B619B351E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1D8413F9-9567-4DE9-8A0F-73DD5656C559}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6DF59211-829F-4236-8B4C-E6DDC0EA60E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{4408E960-B745-41D1-ACB2-047DB23B2D52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [TCP Query User{2034C877-AAF9-43F3-993F-992C02901D66}C:\users\ander\downloads\wc3connect.exe] => (Allow) C:\users\ander\downloads\wc3connect.exe () [File not signed]
FirewallRules: [UDP Query User{D784B5D6-28AB-446E-9121-15893EE770BC}C:\users\ander\downloads\wc3connect.exe] => (Allow) C:\users\ander\downloads\wc3connect.exe () [File not signed]
FirewallRules: [TCP Query User{0D7C4BB6-EE30-4574-901B-D4B78E35A973}C:\program files (x86)\java\jre1.8.0_221\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{92C59EBF-ECF3-4031-BE37-9ADFD95A452B}C:\program files (x86)\java\jre1.8.0_221\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{9313581F-0CAB-419C-8EC6-B6A4C24E3A9A}C:\program files\warcraft iii\x86\warcraft iii.exe] => (Allow) C:\program files\warcraft iii\x86\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{A8F83532-82FD-4630-85ED-71778ADEFEEE}C:\program files\warcraft iii\x86\warcraft iii.exe] => (Allow) C:\program files\warcraft iii\x86\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{55AADFDD-999E-4766-98EC-EE5BB7BA0800}C:\program files\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\program files\warcraft iii\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{FED7390E-4139-41F4-979C-69D00291D96B}C:\program files\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\program files\warcraft iii\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0FC399C6-E027-464D-A40A-1C55ACDE4434}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{927E2A89-D832-4DCF-A0C1-E9E24B394FE7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{26E7096C-913D-4B49-A717-FE057775CBDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{97F53D3F-E75F-4970-8556-D7D50FA928FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [TCP Query User{A41E6ADE-8408-4788-804F-04E0A9DAA7FF}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{667C0FD5-6A2D-4B75-BE96-799505DD4ED6}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [{D1BBAEEC-3141-4EBF-BD36-89D0B231F5D0}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe No File
FirewallRules: [{124F0CC6-A4BC-4A60-9D0F-E87631290ADC}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe No File
FirewallRules: [TCP Query User{9458B07B-85C0-4C97-912C-07BD8BB51FF7}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe No File
FirewallRules: [UDP Query User{02667169-A8F4-4F78-87E4-D6CAC0995345}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe No File
FirewallRules: [{813A9C83-362F-4A48-8FC7-887F48868B56}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8ED8C12E-003F-42D7-AA93-D199D23504EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{29C1018D-9E39-4B9A-A241-74364EEE6C29}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EEC2F0A-2F9F-4041-8A66-023E3F88C760}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDCCFB31-5C86-4BFD-8099-988ED1108902}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F81551A5-418D-4076-AA5B-984206CAE41E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{67EAE5EE-03AB-4823-BC72-C3BB95CA0512}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11137D2F-A29B-45C7-A6DD-83BCCAC22356}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B425E60-92B0-40F3-8B45-7A1CFBD29A09}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FEDB7C60-678D-4F44-80F1-5896731D4D61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87B8178C-88E7-4EEF-BDC6-65C5F62F9A5A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21F4DCF2-604D-4C6C-8F1D-7B163AD9B191}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{611F074C-1BAC-4263-81CB-472581F09BCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{91259707-0CA1-4643-9520-7C2B4B82B437}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2E3E5ACF-A69D-432E-BBAB-BF46254A706A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{70BC36E9-D0A8-4BAA-88A1-34E81883ABF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2566E717-4A79-42AF-8646-4B05931105A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

20-12-2019 09:25:52 Schemalagd kontrollpunkt
24-12-2019 23:04:53 ExpressVPN

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtangentbord)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/28/2019 10:26:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1264,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/28/2019 05:11:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10736,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/28/2019 03:28:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2600,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/27/2019 09:10:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11448,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/27/2019 08:56:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8896,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/27/2019 06:33:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8376,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/27/2019 04:37:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2380,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (12/27/2019 05:56:09 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11996,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.


System errors:
=============
Error: (12/27/2019 04:28:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 06:59:39 den ‎2019-‎12-‎27 skedde oväntat.

Error: (12/27/2019 04:28:20 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT instans)
Description: 3221225684Ett allvarligt fel uppstod när återställningsdata bearbetades.

Error: (12/27/2019 04:25:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 04:16:30 den ‎2019-‎12-‎27 skedde oväntat.

Error: (12/27/2019 04:25:26 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT instans)
Description: 3221225684Ett allvarligt fel uppstod när återställningsdata bearbetades.

Error: (12/27/2019 03:57:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 03:46:03 den ‎2019-‎12-‎27 skedde oväntat.

Error: (12/27/2019 03:57:23 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT instans)
Description: 3221225684Ett allvarligt fel uppstod när återställningsdata bearbetades.

Error: (12/26/2019 04:16:15 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-VPP14F8)
Description: Det gick inte att starta en DCOM-server: {0358B920-0AC7-461F-98F4-58E32CD89148}. Felet:
"2147942767"
inträffade när det här kommandot startades:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/24/2019 11:52:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VPP14F8)
Description: Servern {9BA05972-F6A8-11CF-A442-00A0C90A8F39} registrerades inte med DCOM inom erforderlig timeout.


Windows Defender:
===================================
Date: 2019-12-09 17:42:37.307
Description:
Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {9FE4FA3D-3E0E-4AFC-8444-C7709979ADAA}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

Date: 2019-12-09 04:06:13.851
Description:
Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {D0710F45-9297-41F1-A357-CF59E5DA1758}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

CodeIntegrity:
===================================

Date: 2019-12-29 02:41:24.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:41:15.356
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:40:50.868
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:40:50.856
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:39:47.335
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:39:47.316
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:39:18.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 02:39:18.801
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.B0 04/24/2017
Motherboard: MSI Z170A-S02 (MS-7998)
Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 39%
Total physical RAM: 16344.39 MB
Available physical RAM: 9854.96 MB
Total Virtual: 18776.39 MB
Available Virtual: 9778.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:98.73 GB) NTFS
Drive e: (Ny volym) (Fixed) (Total:2794.5 GB) (Free:2298.38 GB) NTFS
Drive f: (PHONE CARD) (Removable) (Total:7.44 GB) (Free:0.25 GB) FAT32

\\?\Volume{53baff7a-d86b-47bd-a186-0bf237239c5a}\ (Återställning) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{1421ad5f-41d7-4a0a-9251-e9f2bd762dfb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[WatuZ]

RogueKiller Anti-Malware V14.0.3.0 (x64) [Dec 23 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : SYSTEM [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191227_134259, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/12/30 04:28:37 (Duration : 00:04:19)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

[WatuZ]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/30/19
Scan Time: 4:41 AM
Log File: 3f4d7d88-2ab6-11ea-afbd-4ccc6a94b2d1.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.785
Update Package Version: 1.0.16949
License: Premium

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: DESKTOP-VPP14F8\ander

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277088
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[WatuZ]

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2019-12-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-30-2019
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://websearch.searchboxes.info/?pid=298&r=2013/07/20&hid=2658533162&lg=EN&cc=SE&unqvl=28

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1416 octets] - [30/12/2019 04:45:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

[Broni]

All logs are clean. MBAM is simply doing its job. Nothing to worry about.
Good luck and stay safe

 

[WatuZ]

All logs are clean. MBAM is simply doing its job. Nothing to worry about.
Good luck and stay safe

so its normal to get some of these inbound connections blocked then? well thanks for helping out

 

[Broni]

Yes, it is.