Showing results for tags 'Adware'.



Found 113 results

  1. So ever since this afternoon I went onto one of my usual wikias for a game, when out of nowhere it started acting strange. It hasn't done this until today, and that's including yesterday when I last used it. It's using an excessive amount of cookies, and the domains in my Ublock aren't looking like they normally are. It even redirected from the original wikia, to a strange URL, back to the wiki. I have no idea what happened, and I don't know if it's because of the site or suspected adware. What makes this even more confusing is that it doesn't seem to be happening to everyone. Neither Malwarebytes nor ADWcleaner is picking it up, so I think it's a site issue. I honestly don't know what to do in a situation like this, because it's only the sites that are "Powered by Wikia." Do I have Adware, or is this something happening to the sites themselves?
  2. I'm seriously getting annoyed by this ad always opening Internet Explorer. Does anyone know a way to manually delete malware/adware? If so please come to my aid lol but seriously I wanna get this removed from my PC. I've read some forums about deleting system 32 and I also read that if I do that it will be the same as deleting my entire PC lol so I'm here for professional help that know exactly what I need to delete and I have hopes that you don't troll me into deleting my PC LOL and I had used Malwarebytes but it lies to me that I'm good to go *cries* so please someone guide me manually to delete this bs
  3. Hi, After opening a QR code link for Whatsapp Web an extra tab opened with myhelpfuldownloads.com URL and an ad for Scanguard. This is quite a new laptop I am setting up after having it repaired and wiped by Lenovo customer support, so I am quite surprised there is already adware on it. I can't figure out where it came from. Perhaps syncing my Google Chrome after logging in brought along something, but I can't discover what it is or how to disable it. Attached all the logs as per instructions. I hope someone can help me figure this one out. Many thanks in advance Addition.txt FRST.txt MalwareBytes_Threat_scan_log.txt
  4. Hi I have a problem, I was looking through my email on Yahoo and by mistake I clicked on an AD link and it directed me to some survey website that was sketchy but I closed it immediately and checked the Chrome History and found out I was directed to like 4 different websites at the same time and searched to see if they were safe but all were safe except 1 and I ran Malwarebytes to see if I have any viruses and it found the PUP.Optional Conduit 2 times every time it scanned. I quarantine them and deleted them and scanned again but they keep showing up. I used Adware Removal from Malwarebytes and Bitdefender and the Malwarebytes deleted something but scanned after and it was still there and the Bitdefender one didn't find anything. I'll leave a photo to see what I mean. Hopefully somebody helps me. And one more thing, I noticed the Chrome browser closes by itself randomly after I'm not using it.
  5. Hi, 2 days ago this nightmare started. As always I was doing a scan with Malwarebytes and 4 problems came out: 2 of them have been solved, the others no. Their name is Adware.Elex.ShrtCln and they're located in C:\Users\bruno\AppData\Local\Google\Chrome\USER DATA\Default\Web Data. Useless to say that when Malwarebytes deletes them, when I restart my pc they return. I've installed a new copy of Windows, a clean installation obviously, and until I haven't reinstalled Chrome, the problem did not show up. Now, what I have to do? Thanks if you will answer, I hope fast because I'm a little bit scared from this, also because Google detected some suspicious attempts to access my account from Russia.. I'm Italian so there's a problem I also post a picture of them.
  6. So the adware gets removed but keeps reappearing after reboot.... all it does is force me to use yahoo, also some sites and web functions do not work... 1.txt
  7. So I have recently done many scans with the Malwarebytes antivirus running the latest update and each time it has detected one PUP (Optional.Ask) and three of the following: PUP.Optional.SweetPacks No matter how many times I quarantine and delete these PUPs they always reappear when I scan again. They seem to be in the Chrome files but they always seem to replace themselves. I have also noticed that the Ad Blocker extension I have has blocked a larger amount of 'ads' recently. Not sure if that has to do with anything... Screenshots will be below.
  8. Hey, Malwarebytes cannot delete the adware seen in the attachment. As you can see it just keeps coming back even though Malwarebytes keeps replacing the files.. From logs you can see that I've been always using the latest version. I also tried the AdwCleaner but that does not even find it. Please help me remove it permanently scanlog.txt scanlog2.txt scanlog3.txt
  9. Hello, Sadly I got a weird returning adware on my PC called Adware.Elex.ShrtCln, that is somehow linked to my Google Chrome account. When I run a Threat Scan, Malwarebytes detects the adware and successfully removes it to the quarantine. After that the program prompted me to restart the PC. So after I restarted the PC, I ran the Threat Scan again. But unfortunately the adware was again detected. I have already tried to remove all the browsing data from Chrome and to use the Chrome Cleanup Tool but no success at all. Can someone help me please? Thank you in advance for every assistance Malwarebytes Threat Scan log.txt Addition.txt FRST.txt
  10. It is in the office PC, now here it is quite midnight, sure tomorrow I will post. Hi
  11. Hello. I've tried uninstalling Chrome, resetting the data and running the Malwarebytes free version scan - then I delete the quarantined results and restart the PC. After rescanning it once the computer has signed in I keep getting the same adware.yontoo appearing in the scanned results. See below; How can I make sure I remove this once and for all so it doesn't appear again? I've tried the MalwareBytes Adware cleaner - that has removed other stuff but this Adware.Yontoo is driving me insane. Please can anyone recommend what I should do? Thank you. j4v3d
  12. So I'm sure I'm in the same boat as a lot of other people, after seeing high activity on the forums about this, but I've followed some 'solutions' and yet I'm still getting the same 4 files appear on the scans I'm running, I don't know whether I should be worried about this as so many other people are having the same issue I just wanted to post here so someone could help me once a solution has been found as multiple attempts of deleting these web data files just isn't working nor is resetting my sync could someone explain to me what is going on and a way to solve this so it stops happening, it'll be highly appreciated thanks in advance PUP.txt
  13. Hello. I accidentally downloaded and ran a couple shady things lately, did a full sweep and regular - just in case scans on daily basis for a couple of days. Everything is fine except these two PUPs that I can't seem to get rid of. It is called "PUP.Optional.Linkury.Generic" and it seems that it has infected Google Chrome. Something tells me another hidden file is generating them, because whenever I put them in quarantine and delete them, they re-appear in the next scan. Uninstalling Chrome did seem to solve the issue (the indefinite generating) because I assume the source didn't have anywhere to put them and run them, so as soon as I installed Chrome again, it continued happening. The following screenshot I left the scans quarantined just so you can see what I'm talking about. They always appear in pair, and they don't stop after getting quarantined. What do I do?
  14. Adware.Elex.ShrtCln, C:\USERS\ANONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Rimozione non riuscita, [2309], [454711],1.0.3202 Adware.Elex.ShrtCln, C:\USERS\ANONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Rimozione non riuscita, [2309], [454711],1.0.3202
  15. The same thing happens to me, I tried in all possible ways, but it keeps showing up
  16. I have this same problem. But I have malwarebytes 3.2.2.2029
  17. Hey, I have the same issue, and it also started yesterday. I believe I saw another post about this.
  18. Hi I have the same issue Malwarebytes www.malwarebytes.com -Détails du journal- Date de l'analyse: 08/11/2017 Heure de l'analyse: 15:26 Fichier journal: bebb6e4c-c490-11e7-84de-5cf9dd5d407f.json Administrateur: Oui -Informations du logiciel- Version: 3.3.1.2183 Version de composants: 1.0.236 Version de pack de mise à jour: 1.0.3206 Licence: Gratuit -Informations système- Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: COMPUTER\padawan -Résumé de l'analyse- Type d'analyse: Analyse des menaces Résultat: Terminé Objets analysés: 384153 Menaces détectées: 3 Menaces mises en quarantaine: 3 Temps écoulé: 11 min, 56 s -Options d'analyse- Mémoire: Activé Démarrage: Activé Système de fichiers: Activé Archives: Activé Rootkits: Désactivé Heuristique: Activé PUP: Détection PUM: Détection -Détails de l'analyse- Processus: 0 (Aucun élément malveillant détecté) Module: 0 (Aucun élément malveillant détecté) Clé du registre: 0 (Aucun élément malveillant détecté) Valeur du registre: 0 (Aucun élément malveillant détecté) Données du registre: 0 (Aucun élément malveillant détecté) Flux de données: 0 (Aucun élément malveillant détecté) Dossier: 0 (Aucun élément malveillant détecté) Fichier: 3 Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Remplacé, [2309], [454691],1.0.3206 Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Remplacé, [2309], [454691],1.0.3206 Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Remplacé, [2309], [454691],1.0.3206 Secteur physique: 0 (Aucun élément malveillant détecté) (end)
  19. Hello. I got a problem with this particular adware. I did all the steps with disabling chrome sync and stuff, but they didn't help. Here are my logs from FRST64 FRST.TXT:
C:\Windows\SysWOW64\d3dx11_43.dll 2017-11-12 19:54 - 2017-11-12 19:54 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-12 19:54 - 2017-11-12 19:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2017-11-12 19:54 - 2017-10-27 18:50 - 000532088 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2017-11-12 19:54 - 2017-10-27 18:50 - 000437696 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2017-11-12 19:54 - 2017-10-27 18:50 - 000186488 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-11-12 19:54 - 2017-10-27 18:50 - 000152696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-11-12 19:54 - 2017-10-27 18:50 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-11-12 19:54 - 2017-10-27 18:50 - 000001951 _____ C:\Windows\NvContainerRecovery.bat 2017-11-12 19:54 - 2017-10-27 17:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-11-12 19:54 - 2017-10-27 17:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-11-12 19:54 - 2017-10-25 11:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin 2017-11-12 19:54 - 2017-09-14 00:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-11-12 19:54 - 2017-09-14 00:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-11-12 19:54 - 2017-09-14 00:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll 2017-11-12 19:54 - 2017-09-14 00:19 - 000591160 _____ 
C:\Windows\system32\vulkaninfo.exe 2017-11-12 19:53 - 2017-10-27 18:50 - 040237688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 036239480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 035156928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 029270976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 023262280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 019037416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 013864048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 013254520 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 011779328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 010882720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 004485048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 004201592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 003817584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 003614328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001673848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001331200 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvEncMFThevc.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001321448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001099712 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001044848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001038680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 001031104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000981112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000932288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000794392 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000739448 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000634224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000615544 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000598464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000505976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2017-11-12 19:53 - 2017-10-27 18:50 - 000057976 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-11-12 19:53 - 2017-10-27 18:50 - 000050808 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-11-12 19:53 - 2017-10-27 18:50 - 000048442 _____ C:\Windows\system32\nvinfo.pb 2017-11-12 19:53 - 2017-10-27 18:50 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-11-12 19:53 - 2017-10-27 18:50 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-11-12 19:53 - 2017-10-27 18:50 - 000000669 _____ C:\Windows\system32\nv-vk64.json 2017-11-12 19:48 - 2017-11-12 19:48 - 000000000 ____D C:\NVIDIA 2017-11-12 19:29 - 2017-11-12 19:29 - 000000000 ____D C:\Users\Strat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2017-11-12 19:29 - 2017-11-12 19:29 - 000000000 ____D C:\Users\Strat\AppData\Roaming\Google 2017-11-12 19:28 - 2017-11-12 19:28 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-12 19:27 - 2017-11-12 20:22 - 000000000 ____D C:\Users\Strat\AppData\Local\Google 2017-11-12 19:27 - 2017-11-12 20:22 - 000000000 ____D C:\Program Files (x86)\Google 2017-11-12 19:27 - 2017-11-12 19:27 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-12 19:27 - 2017-11-12 19:27 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-12 19:24 - 2017-11-12 19:24 - 000000000 ____D C:\Users\Strat\AppData\Local\PlaceholderTileLogoFolder 2017-11-12 19:15 - 2017-11-12 19:15 - 000000000 ____D C:\Windows\containers 2017-11-12 19:14 - 2017-11-12 19:12 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-11-12 19:13 - 2017-11-12 19:14 - 000000000 ____D C:\Windows\system32\MRT 2017-11-12 19:13 - 2017-11-12 19:13 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-11-12 19:13 - 2017-11-12 19:13 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-11-12 19:13 - 2017-10-10 17:33 - 017080832 _____ (Microsoft 
Corporation) C:\Windows\system32\HologramCompositor.dll 2017-11-12 19:13 - 2017-10-10 17:25 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\HolographicRuntimes.dll 2017-11-12 19:13 - 2017-10-10 17:22 - 021752832 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll 2017-11-12 19:13 - 2017-10-10 17:12 - 000664576 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll 2017-11-12 19:13 - 2017-10-10 08:14 - 000139672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-11-12 19:13 - 2017-10-10 08:11 - 000739696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-11-12 19:13 - 2017-10-10 08:10 - 001200024 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-11-12 19:13 - 2017-10-10 08:07 - 008592280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-11-12 19:13 - 2017-10-10 08:02 - 002400664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-11-12 19:13 - 2017-10-10 08:01 - 005906264 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll 2017-11-12 19:13 - 2017-10-10 08:01 - 001633744 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2017-11-12 19:13 - 2017-10-10 08:00 - 001053592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-11-12 19:13 - 2017-10-10 08:00 - 000373656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2017-11-12 19:13 - 2017-10-10 07:59 - 001641536 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-11-12 19:13 - 2017-10-10 07:59 - 000778936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-11-12 19:13 - 2017-10-10 07:54 - 001463856 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-11-12 19:13 - 2017-10-10 07:53 - 000464416 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2017-11-12 19:13 - 2017-10-10 07:53 - 000232344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 
2017-11-12 19:13 - 2017-10-10 07:51 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-11-12 19:13 - 2017-10-10 07:50 - 002573208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-11-12 19:13 - 2017-10-10 07:49 - 001554216 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2017-11-12 19:13 - 2017-10-10 07:49 - 000060824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\urscx01000.sys 2017-11-12 19:13 - 2017-10-10 07:48 - 000677280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-11-12 19:13 - 2017-10-10 07:44 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2017-11-12 19:13 - 2017-10-10 07:43 - 000559000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-11-12 19:13 - 2017-10-10 07:43 - 000418712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-11-12 19:13 - 2017-10-10 07:43 - 000045976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys 2017-11-12 19:13 - 2017-10-10 07:36 - 001436432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-11-12 19:13 - 2017-10-10 07:31 - 001528912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2017-11-12 19:13 - 2017-10-10 07:31 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-11-12 19:13 - 2017-10-10 07:30 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-11-12 19:13 - 2017-10-10 07:26 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-11-12 19:13 - 2017-10-10 07:11 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-11-12 19:13 - 2017-10-10 07:07 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-11-12 19:13 - 2017-10-10 07:06 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-11-12 19:13 - 2017-10-10 06:53 - 025246208 _____ (Microsoft 
Corporation) C:\Windows\system32\edgehtml.dll 2017-11-12 19:13 - 2017-10-10 06:47 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-11-12 19:13 - 2017-10-10 06:46 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-11-12 19:13 - 2017-10-10 06:46 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-11-12 19:13 - 2017-10-10 06:44 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 018913792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll 2017-11-12 19:13 - 2017-10-10 06:42 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2017-11-12 19:13 - 2017-10-10 06:42 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll 2017-11-12 19:13 - 2017-10-10 06:41 - 019343360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-11-12 19:13 - 2017-10-10 06:41 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 006032896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 003681280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 003672064 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-11-12 19:13 - 2017-10-10 06:37 - 002869248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 
001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-11-12 19:13 - 2017-10-10 06:36 - 001664000 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2017-11-12 19:13 - 2017-10-10 06:36 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-11-12 19:13 - 2017-10-10 06:34 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2017-11-12 19:13 - 2017-10-10 06:34 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys 2017-11-12 19:13 - 2017-10-10 06:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-11-12 19:13 - 2017-10-10 06:34 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-11-12 19:13 - 2017-10-10 06:33 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll 2017-11-12 19:13 - 2017-10-10 06:33 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-11-12 19:13 - 2017-10-10 06:32 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll 2017-11-12 19:13 - 2017-10-10 06:32 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-11-12 19:13 - 2017-10-10 06:32 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 023664128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000442880 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptngc.dll 2017-11-12 19:13 - 2017-10-10 06:29 - 008097792 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-11-12 19:13 - 2017-10-10 06:29 - 000769024 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll 2017-11-12 19:13 - 2017-10-10 06:28 - 004744192 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-11-12 19:13 - 2017-10-10 06:27 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-11-12 19:13 - 2017-10-10 06:27 - 001165824 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 002106880 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-11-12 19:13 - 2017-10-10 06:26 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-11-12 19:13 - 2017-10-10 06:25 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-11-12 19:13 - 2017-10-10 06:25 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2017-11-12 19:13 - 2017-10-10 06:24 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-11-12 19:13 - 2017-10-10 06:24 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-11-12 19:13 - 2017-10-04 16:21 - 002474080 _____ C:\Windows\SysWOW64\Windows.Mirage.dll 2017-11-12 19:13 - 2017-10-04 15:37 - 003312432 _____ C:\Windows\system32\Windows.Mirage.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 
2017-11-12 19:12 - 2017-11-12 19:12 - 000000000 ____D C:\Users\Strat\AppData\Local\PackageStaging 2017-11-12 19:12 - 2017-11-12 19:12 - 000000000 ____D C:\Users\Strat\AppData\Local\Comms 2017-11-12 19:07 - 2017-11-12 20:08 - 000000000 ___RD C:\Users\Strat\OneDrive 2017-11-12 19:07 - 2017-11-12 19:07 - 000000000 ____D C:\Users\Strat\AppData\Local\DBG 2017-11-12 19:06 - 2017-11-12 20:56 - 000982918 _____ C:\Windows\system32\PerfStringBackup.INI 2017-11-12 19:06 - 2017-11-12 19:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-11-12 19:05 - 2017-11-12 20:49 - 000000000 ____D C:\ProgramData\NVIDIA 2017-11-12 19:05 - 2017-11-12 20:08 - 000000000 ____D C:\Users\Strat\AppData\Local\Packages 2017-11-12 19:05 - 2017-11-12 19:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:06 - 000000000 ____D C:\Users\Strat\AppData\Local\ConnectedDevicesPlatform 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ___RD C:\Users\Strat\3D Objects 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ___HD C:\Users\Strat\MicrosoftEdgeBackups 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Roaming\Adobe 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\VirtualStore 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\Publishers 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\MicrosoftEdge 2017-11-12 19:05 - 2017-09-28 19:06 - 007850496 _____ (Microsoft Corporation) C:\Windows\system32\prm0015.dll 2017-11-12 19:05 - 2017-09-28 19:05 - 007702016 _____ (Microsoft Corporation) C:\Windows\system32\NL7Models0011.dll 2017-11-12 19:05 - 2017-09-28 19:05 - 002454528 _____ 
(Microsoft Corporation) C:\Windows\system32\NL7Lexicons0011.dll 2017-11-12 19:05 - 2017-09-28 19:02 - 007407616 _____ (Microsoft Corporation) C:\Windows\system32\NL7Data0011.dll 2017-11-12 19:05 - 2017-09-28 19:02 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\MSWB70011.dll 2017-11-12 19:05 - 2017-09-28 18:42 - 000517120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB70011.dll 2017-11-12 19:05 - 2017-09-28 18:41 - 007246336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NL7Data0011.dll 2017-11-12 19:05 - 2017-09-28 15:50 - 000002060 _____ C:\Windows\system32\noise.jpn 2017-11-12 19:04 - 2017-11-12 19:07 - 000000000 ____D C:\Users\Strat 2017-11-12 19:04 - 2017-11-12 19:04 - 000000020 ___SH C:\Users\Strat\ntuser.ini 2017-11-12 19:04 - 2017-11-12 19:04 - 000000000 ____D C:\ProgramData\USOShared 2017-11-12 19:02 - 2017-11-12 19:02 - 000000000 _SHDL C:\Documents and Settings 2017-11-12 19:02 - 2017-11-12 19:02 - 000000000 ____D C:\Windows\CSC 2017-11-12 19:02 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2017-11-12 19:01 - 2017-11-12 20:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-12 19:01 - 2017-11-12 20:24 - 000348904 _____ C:\Windows\system32\FNTCACHE.DAT 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____D C:\Windows\system32\SleepStudy 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____D C:\Windows\ServiceProfiles 2017-11-03 22:24 - 2017-11-03 22:24 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2017-11-01 
12:58 - 2017-11-01 12:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-11-01 12:58 - 2017-11-01 12:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-13 04:00 - 2017-09-29 14:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2017-11-12 20:49 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI 2017-11-12 20:23 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF 2017-11-12 20:09 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-12 20:09 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness 2017-11-12 19:54 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Help 2017-11-12 19:38 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2017-11-12 19:31 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\yo-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\wo-SN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\vi-VN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ur-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ug-CN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tt-RU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D 
C:\Windows\SysWOW64\tn-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tk-TM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ti-ET 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\te-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ta-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sw-KE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sq-AL 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\si-LK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\rw-RW 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quz-PE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\prs-AF 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\or-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nn-NO 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ne-NP 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mt-MT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mr-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mn-MN 2017-11-12 19:15 - 
2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ml-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mk-MK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lo-LA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lb-LU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ky-KG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kok-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kn-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\km-KH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ka-GE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\is-IS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ig-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\id-ID 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\hy-AM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gu-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gd-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ga-IE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fil-PH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fa-IR 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\cy-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D 
And Addition.txt:
Error: (11/12/2017 08:44:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ABB27G3) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ABB27G3\Strat SID (S-1-5-21-251556389-2389510660-2561409723-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/12/2017 08:42:59 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x12 CodeIntegrity: =================================== Date: 2017-11-12 21:02:27.786 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 21:02:27.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 21:02:10.904 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2017-11-12 21:02:10.273 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 21:01:38.649 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 20:57:29.565 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 20:57:28.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 20:56:58.427 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2017-11-12 20:56:58.096 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-12 20:55:12.333 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz Percentage of memory in use: 22% Total physical RAM: 16335.8 MB Available physical RAM: 12715.89 MB Total Virtual: 19279.8 MB Available Virtual: 15062.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.28 GB) (Free:200.69 GB) NTFS Drive d: () (Fixed) (Total:200.18 GB) (Free:200.06 GB) NTFS Drive e: () (Fixed) (Total:731.32 GB) (Free:731.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 00FFA705) Partition: GPT. ======================================================== Disk: 1 (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  20. I'm having the same issue. Running decrapifier I found this; I'm not sure if it's related to the issue. This is driving me insane. Could it be a rootkit? GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19
  21. Yeah, I am having the same issue. These are the viruses:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 8/11/17
      Hora del análisis: 14:55
      Archivo de registro: 8aa06649-c48c-11e7-bb24-4ccc6acd231e.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3206
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10 (Build 15063.674)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: DANI-PC\danie

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 362716
      Amenazas detectadas: 6
      Amenazas en cuarentena: 0 (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 0 min, 41 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0 (No hay elementos maliciosos detectados)
      Módulo: 0 (No hay elementos maliciosos detectados)
      Clave del registro: 0 (No hay elementos maliciosos detectados)
      Valor del registro: 0 (No hay elementos maliciosos detectados)
      Datos del registro: 0 (No hay elementos maliciosos detectados)
      Secuencia de datos: 0 (No hay elementos maliciosos detectados)
      Carpeta: 0 (No hay elementos maliciosos detectados)
      Archivo: 6
      PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
      Adware.Elex.ShrtCln, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [2309], [454693],1.0.3206
      PUP.Optional.Spigot, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [648], [454814],1.0.3206
      PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
      PUP.Optional.ASK, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [527], [454823],1.0.3206
      PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
      Sector físico: 0 (No hay elementos maliciosos detectados)

      (end)
  22. Hi, I have the same issue too! I quarantined the adware and restarted, yet the adware still remains. (adware.elex.shrtcln)
  23. Hi, I have a similar issue, though the malware is in another Chrome file. Please help me, I need to keep my bitcoin safe on the exchange.
  24. Hello, same issue here! Web Data.zip Scan results.txt