Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by ander (administrator) on DESKTOP-VPP14F8 (MSI MS-7998) (29-12-2019 02:43:23)
Running from C:\Users\ander\Downloads
Loaded Profiles: ander (Available Profiles: ander)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: Svenska (Sverige)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [Discord] => C:\Users\ander\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1950752 2019-12-19] (TEFINCOM S.A. -> NordVPN)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-20] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3FB86F57-5B69-4CAF-9543-301955B31786} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {40C1AD0A-D13F-4510-B5C1-3515E0D7E4CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)
Task: {A830BD2B-D4A4-4EAA-9983-EF7E92A27978} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA79E67E-F035-462E-BDE2-4CF79325E11C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {D94EA18D-9174-415B-8A20-8C26B31180BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBADFE7B-BA37-427F-A4D9-E98566C200BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5296EC1-4038-43BA-9197-5F5DC43C541F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF9430CA-BD43-4798-AA8F-441F1B25F5B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 83.255.255.1 83.255.255.2
Tcpip\..\Interfaces\{239a7ab9-d5b0-4ee1-b1bc-afd427b2eeed}: [DhcpNameServer] 83.255.255.1 83.255.255.2
Tcpip\..\Interfaces\{eb812b38-fd97-4329-9ab5-0b2200a32e2a}: [DhcpNameServer] 103.86.96.100 103.86.99.100
Internet Explorer:
==================
HKU\S-1-5-21-1277248211-1705506319-2216919589-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://entgaming.net/entconnect/1
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-09-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-07] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-07] (Google LLC -> Google LLC)
Chrome:
=======
CHR HomePage: Default -> hxxp://websearch.searchboxes.info/?pid=298&r=2013/07/20&hid=2658533162&lg=EN&cc=SE&unqvl=28
CHR StartupUrls: Default -> "hxxp://www.dota2.com/leaderboards/#americas","hxxps://www.youtube.com/watch?v=gvbcnWULwJ4","hxxps://www.youtube.com/watch?v=_I-xFIRyKVU&index=146&list=PLvKV_Qc64JR_49F7LmBf9kOKELY-7m7Lz","hxxps://www.youtube.com/watch?v=i4SupiOPPCo","hxxps://www.youtube.com/watch?v=2o-ndHHQFL0&index=1&list=PL7VDr58somPlUFKo-BTahr6UK7TokvNW0","hxxps://www.youtube.com/playlist?list=PLmBNQlZMGQ3XQK9xO41fcnA3Ejf4n1Oul","hxxps://www.youtube.com/user/TrumpSC/videos","hxxps://tempostorm.com/hearthstone/meta-snapshot/standard/2016-11-19","hxxps://www.youtube.com/watch?v=qGbgUA_wXYI","hxxps://www.youtube.com/watch?v=tv0p03214gA","hxxps://www.youtube.com/watch?v=qHZpUbT4alA","hxxps://www.faceit.com/en/players/WatuZ","hxxps://www.youtube.com/watch?v=Rh_5IR586h0","hxxps://www.good-gaming.com/tournament/results/53","hxxps://www.youtube.com/watch?v=NQNwjEkszvg","hxxps://www.youtube.com/watch?v=0NcIGBKXMOE","hxxps://www.youtube.com/watch?v=J5eT_fV_Kd8","hxxps://www.youtube.com/watch?v=QFS8VbFw8q8","hxxps://www.youtube.com/watch?v=DOnnVY4cyZU","hxxps://www.youtube.com/feed/subscriptions","hxxps://www.reddit.com/r/hearthstone/#res:ner-page=2","hxxps://www.youtube.com/watch?v=9Bnu0UrgxBg","hxxps://www.reddit.com/r/DotA2/","hxxps://www.youtube.com/watch?v=6iAbin7eCns&index=21&list=PLcX2deN0eVvIpFP9LDDQRuKhN2ugt3sII","hxxps://www.youtube.com/watch?v=qHZpUbT4alA","hxxps://www.komplett.se/product/902540/datorutrustning/mustangentbord/gamingmus/razer-deathadder-elite-chroma-gaming-mus?gclid=CjwKEAiA1ITCBRDO-oLA-q_n8xYSJADjBQfG-VUw3MGiZxzzCnADPOSCn7DYbM-aFwQger0UchbQwBoCtNbw_wcB&gclsrc=aw.ds#technical-details","hxxps://www.youtube.com/watch?v=_Di5DVzIrUQ","hxxps://www.youtube.com/watch?v=6P9HNaxHZHI","hxxps://www.youtube.com/watch?v=KQbaASz6LtQ","hxxp://fantasy.prizetrac.kr/bostonmajor2016/overview","hxxps://www.youtube.com/watch?v=AZxnEcCVzHQ&list=PL7VDr58somPkiQ5XtkQrT024krzLbdqje&index=45","hxxps://www.youtube.com/watch?v=D4HFvyRXsVY","hxxps://www.youtube.com/watch?v=n42JN-TMSkk","hxxps://www.youtube.com/watch?v=PAR-HhR0Vp0","hxxps://strike.good-gaming.com/results/ebf2492f-594c-4a4f-b9e7-2c37595b75b2","hxxps://gyazo.com/e738609d2ec0aaf34acc2838e0c8e61e","hxxps://gyazo.com/e5df123bc62165c0373d00523c0f3dae","hxxps://gyazo.com/2c90e30221f37242fb139cb4c8be9d6a","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default [2019-12-29]
CHR Extension: (Presentationer) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-18]
CHR Extension: (BetterTTV) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-12-09]
CHR Extension: (Dokument) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-18]
CHR Extension: (Google Drive) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-18]
CHR Extension: (YouTube) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-18]
CHR Extension: (uBlock Origin) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-29]
CHR Extension: (Tampermonkey) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-07]
CHR Extension: (FrankerFaceZ) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-08-18]
CHR Extension: (Kalkylark) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-18]
CHR Extension: (Google Dokument Offline) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-18]
CHR Extension: (Imagus) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2019-08-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-12-22]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\ander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-09-11] (Apple Inc. -> Apple Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-05-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [222240 2019-12-19] (TEFINCOM S.A. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-20] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-12-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-12-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-12-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-12-26] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fd332b7c7ad5fe7e\nvlddmkm.sys [22347976 2019-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-29 02:43 - 2019-12-29 02:43 - 000022109 _____ C:\Users\ander\Downloads\FRST.txt
2019-12-29 02:41 - 2019-12-29 02:43 - 000000000 ____D C:\FRST
2019-12-29 02:41 - 2019-12-29 02:41 - 000000000 ____D C:\Users\ander\Downloads\FRST-OlderVersion
2019-12-29 02:40 - 2019-12-29 02:41 - 002272256 _____ (Farbar) C:\Users\ander\Downloads\FRST64 (1).exe
2019-12-27 21:00 - 2019-12-27 21:01 - 000001509 _____ C:\Users\ander\Desktop\X.lnk
2019-12-27 04:01 - 2019-12-27 04:01 - 000000017 _____ C:\Users\ander\AppData\Local\resmon.resmoncfg
2019-12-26 16:25 - 2019-12-27 16:28 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-26 16:25 - 2019-12-27 16:28 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-12-26 16:25 - 2019-12-26 16:25 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-12-26 16:25 - 2019-12-26 16:25 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-12-26 16:24 - 2019-12-26 16:24 - 000000000 ____D C:\Users\ander\AppData\Local\ElevatedDiagnostics
2019-12-24 23:08 - 2019-12-24 23:08 - 000002055 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-12-24 23:08 - 2019-12-24 23:08 - 000002055 _____ C:\ProgramData\Desktop\NordVPN.lnk
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Users\ander\AppData\Local\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\ProgramData\Caphyon
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2019-12-24 23:08 - 2019-12-24 23:08 - 000000000 ____D C:\Program Files (x86)\NordVPN
2019-12-20 15:55 - 2019-12-20 15:55 - 034601768 _____ (ExpressVPN) C:\Users\ander\Downloads\expressvpn_7.7.11.4.exe
2019-12-20 15:52 - 2019-12-20 15:52 - 000000008 _____ C:\Users\ander\Desktop\lösen.txt
2019-12-20 15:11 - 2019-12-20 15:11 - 000042927 _____ C:\Users\ander\Downloads\harry-potter-and-the-chamber-of-secrets-swedish-yify-61608.zip
2019-12-20 15:11 - 2007-11-30 14:30 - 000113330 _____ C:\Users\ander\Desktop\Harry.Potter.And.The.Chamber.Of.Secrets.2002.720p.BluRay.x264-SiNNERS.srt
2019-12-20 15:07 - 2019-12-27 04:13 - 000000000 ____D C:\Users\ander\Documents\filmer
2019-12-20 11:52 - 2019-12-20 11:52 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-19 03:06 - 2019-12-19 03:06 - 000808002 _____ C:\Users\ander\Downloads\window-on-top.zip
2019-12-19 03:06 - 2019-12-19 03:06 - 000001248 _____ C:\Users\ander\Desktop\Window On Top.lnk
2019-12-19 03:06 - 2019-12-19 03:06 - 000000000 ____D C:\Users\ander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skybn Software
2019-12-19 03:06 - 2019-12-19 03:06 - 000000000 ____D C:\Users\ander\AppData\Local\skybn
2019-12-16 07:44 - 2019-12-16 07:46 - 000000000 ____D C:\ProgramData\HitmanPro
2019-12-16 07:44 - 2019-12-16 07:45 - 011575104 _____ (SurfRight B.V.) C:\Users\ander\Downloads\HitmanPro_x64.exe
2019-12-16 01:06 - 2019-12-16 01:06 - 000004032 _____ C:\Users\ander\Documents\cc_20191216_010611.reg
2019-12-16 01:04 - 2019-12-16 01:05 - 000085240 _____ C:\Users\ander\Documents\cc_20191216_010403.reg
2019-12-16 01:02 - 2019-12-23 10:07 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-16 01:02 - 2019-12-16 01:02 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-12-16 01:02 - 2019-12-16 01:02 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-12-16 01:02 - 2019-12-16 01:02 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-12-16 01:02 - 2019-12-16 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-12-16 01:02 - 2019-12-16 01:02 - 000000000 ____D C:\Program Files\CCleaner
2019-12-11 16:47 - 2019-12-11 16:47 - 000000000 ____D C:\Users\ander\AppData\Local\Apps\2.0
2019-12-11 14:34 - 2019-12-11 14:34 - 000002132 _____ C:\Users\ander\Desktop\JDownloader 2.lnk
2019-12-11 14:34 - 2019-12-11 14:34 - 000000000 ____D C:\Users\ander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-12-11 14:33 - 2019-12-11 15:01 - 000000000 ____D C:\Users\ander\AppData\Local\JDownloader 2.0
2019-12-11 14:32 - 2019-12-11 14:32 - 045339480 _____ (AppWork GmbH) C:\Users\ander\Downloads\JDownloaderSetup.exe
2019-12-11 14:21 - 2019-03-22 10:14 - 000006184 _____ C:\Users\ander\Desktop\Video Stream Downloader (Example-2).ipynb
2019-12-11 14:21 - 2019-03-22 10:14 - 000001464 _____ C:\Users\ander\Desktop\Video Stream Downloader (Example-1).ipynb
2019-12-11 14:15 - 2019-12-11 14:15 - 026406312 _____ (Python Software Foundation) C:\Users\ander\Downloads\python-3.8.0.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 23:43 - 2019-12-10 23:43 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 23:43 - 2019-12-10 23:43 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 23:43 - 2019-12-10 23:43 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 23:43 - 2019-12-10 23:43 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 23:43 - 2019-12-10 23:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-09 17:44 - 2019-12-09 17:44 - 000000000 ____D C:\Users\ander\AppData\Local\cache
2019-12-06 06:08 - 2019-12-06 06:08 - 000044304 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-28 23:45 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-28 22:12 - 2019-08-20 19:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-28 17:12 - 2019-08-31 05:52 - 000000044 _____ C:\Users\ander\jagex_cl_oldschool_LIVE.dat
2019-12-28 17:12 - 2019-08-31 05:52 - 000000024 _____ C:\Users\ander\random.dat
2019-12-28 17:04 - 2019-08-18 17:37 - 000000000 ____D C:\Program Files (x86)\Steam
2019-12-28 06:00 - 2019-08-22 21:22 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-27 21:11 - 2019-09-29 07:43 - 000000000 ____D C:\Users\ander\AppData\Roaming\qBittorrent
2019-12-27 16:37 - 2019-08-20 19:54 - 001691002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-27 16:37 - 2019-03-19 12:41 - 000713712 _____ C:\WINDOWS\system32\perfh01D.dat
2019-12-27 16:37 - 2019-03-19 12:41 - 000145586 _____ C:\WINDOWS\system32\perfc01D.dat
2019-12-27 16:37 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-27 16:28 - 2019-08-20 19:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-27 06:07 - 2019-09-29 09:00 - 000000000 ____D C:\Users\ander\AppData\Roaming\vlc
2019-12-27 04:34 - 2019-08-18 17:27 - 000000000 ___RD C:\Users\ander\OneDrive
2019-12-27 04:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-27 03:41 - 2019-10-25 18:59 - 000000000 ____D C:\Riot Games
2019-12-26 16:25 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-26 16:24 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-26 16:16 - 2019-08-25 03:44 - 000000000 ____D C:\Users\ander\AppData\Local\CrashDumps
2019-12-24 23:05 - 2019-08-31 05:52 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-22 08:00 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-22 07:55 - 2019-08-19 13:29 - 000000000 ____D C:\Users\ander\AppData\Roaming\Discord
2019-12-20 15:50 - 2019-08-18 17:25 - 000000000 ____D C:\Users\ander\AppData\Local\Packages
2019-12-20 11:52 - 2019-09-16 23:25 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-20 04:50 - 2019-08-18 17:33 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-20 04:50 - 2019-08-18 17:33 - 000002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-20 04:50 - 2019-08-18 17:33 - 000002256 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-17 05:38 - 2019-08-18 17:27 - 000000000 ____D C:\Users\ander\AppData\Local\D3DSCache
2019-12-16 01:09 - 2019-10-12 19:31 - 000000000 ____D C:\ProgramData\Origin
2019-12-16 01:03 - 2019-08-20 14:20 - 000000000 ___DC C:\WINDOWS\Panther
2019-12-16 01:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-13 19:25 - 2019-08-20 19:47 - 000257712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-13 19:25 - 2019-08-18 17:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-13 19:25 - 2019-08-18 17:25 - 000000000 ___RD C:\Users\ander\3D Objects
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-13 05:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-12 08:47 - 2019-08-18 17:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 08:46 - 2019-08-18 17:31 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-10 23:45 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-09 17:44 - 2019-09-16 23:25 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-09 17:44 - 2019-09-16 23:25 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-09 17:43 - 2019-09-16 23:25 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-12-07 23:10 - 2019-08-18 17:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-07 12:13 - 2019-08-20 19:50 - 000003516 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-07 12:13 - 2019-08-20 19:50 - 000003392 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories ========
2019-09-29 08:59 - 2019-09-29 08:59 - 000000023 _____ () C:\Program Files\plugins.dat
2019-09-21 20:50 - 2019-09-27 08:28 - 000000726 _____ () C:\Users\ander\AppData\Roaming\MPQEditor.ini
2019-12-27 04:01 - 2019-12-27 04:01 - 000000017 _____ () C:\Users\ander\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================