
Showing results for tags 'adware'.




Found 130 results

  1. Adware.Elex.ShrtCln, C:\USERS\ANONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Rimozione non riuscita, [2309], [454711],1.0.3202
  2. The same thing happens to me. I tried in all possible ways, but it keeps showing up.
  3. I have this same problem. But I have Malwarebytes 3.2.2.2029.
  4. Hey, I have the same issue, and it also started yesterday. I believe I saw another post about this.
  5. Hi I have the same issue

     Malwarebytes
     www.malwarebytes.com

     -Détails du journal-
     Date de l'analyse: 08/11/2017
     Heure de l'analyse: 15:26
     Fichier journal: bebb6e4c-c490-11e7-84de-5cf9dd5d407f.json
     Administrateur: Oui

     -Informations du logiciel-
     Version: 3.3.1.2183
     Version de composants: 1.0.236
     Version de pack de mise à jour: 1.0.3206
     Licence: Gratuit

     -Informations système-
     Système d'exploitation: Windows 7 Service Pack 1
     Processeur: x64
     Système de fichiers: NTFS
     Utilisateur: COMPUTER\padawan

     -Résumé de l'analyse-
     Type d'analyse: Analyse des menaces
     Résultat: Terminé
     Objets analysés: 384153
     Menaces détectées: 3
     Menaces mises en quarantaine: 3
     Temps écoulé: 11 min, 56 s

     -Options d'analyse-
     Mémoire: Activé
     Démarrage: Activé
     Système de fichiers: Activé
     Archives: Activé
     Rootkits: Désactivé
     Heuristique: Activé
     PUP: Détection
     PUM: Détection

     -Détails de l'analyse-
     Processus: 0 (Aucun élément malveillant détecté)
     Module: 0 (Aucun élément malveillant détecté)
     Clé du registre: 0 (Aucun élément malveillant détecté)
     Valeur du registre: 0 (Aucun élément malveillant détecté)
     Données du registre: 0 (Aucun élément malveillant détecté)
     Flux de données: 0 (Aucun élément malveillant détecté)
     Dossier: 0 (Aucun élément malveillant détecté)
     Fichier: 3
     Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Remplacé, [2309], [454691],1.0.3206
     Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Remplacé, [2309], [454691],1.0.3206
     Adware.Elex.ShrtCln, C:\USERS\PADAWAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Remplacé, [2309], [454691],1.0.3206
     Secteur physique: 0 (Aucun élément malveillant détecté)

     (end)
  6. Hello. I got a problem with this particular adware. I did all the steps with disabling Chrome sync and stuff, but they didn't help. Here are my logs from FRST64 FRST.TXT:
Corporation) C:\Windows\system32\HologramCompositor.dll 2017-11-12 19:13 - 2017-10-10 17:25 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\HolographicRuntimes.dll 2017-11-12 19:13 - 2017-10-10 17:22 - 021752832 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll 2017-11-12 19:13 - 2017-10-10 17:12 - 000664576 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll 2017-11-12 19:13 - 2017-10-10 08:14 - 000139672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-11-12 19:13 - 2017-10-10 08:11 - 000739696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-11-12 19:13 - 2017-10-10 08:10 - 001200024 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-11-12 19:13 - 2017-10-10 08:07 - 008592280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-11-12 19:13 - 2017-10-10 08:02 - 002400664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-11-12 19:13 - 2017-10-10 08:01 - 005906264 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll 2017-11-12 19:13 - 2017-10-10 08:01 - 001633744 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2017-11-12 19:13 - 2017-10-10 08:00 - 001053592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-11-12 19:13 - 2017-10-10 08:00 - 000373656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2017-11-12 19:13 - 2017-10-10 07:59 - 001641536 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-11-12 19:13 - 2017-10-10 07:59 - 000778936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-11-12 19:13 - 2017-10-10 07:54 - 001463856 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-11-12 19:13 - 2017-10-10 07:53 - 000464416 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2017-11-12 19:13 - 2017-10-10 07:53 - 000232344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 
2017-11-12 19:13 - 2017-10-10 07:51 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-11-12 19:13 - 2017-10-10 07:50 - 002573208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-11-12 19:13 - 2017-10-10 07:49 - 001554216 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2017-11-12 19:13 - 2017-10-10 07:49 - 000060824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\urscx01000.sys 2017-11-12 19:13 - 2017-10-10 07:48 - 000677280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-11-12 19:13 - 2017-10-10 07:44 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2017-11-12 19:13 - 2017-10-10 07:43 - 000559000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-11-12 19:13 - 2017-10-10 07:43 - 000418712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-11-12 19:13 - 2017-10-10 07:43 - 000045976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys 2017-11-12 19:13 - 2017-10-10 07:36 - 001436432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-11-12 19:13 - 2017-10-10 07:31 - 001528912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2017-11-12 19:13 - 2017-10-10 07:31 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-11-12 19:13 - 2017-10-10 07:30 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-11-12 19:13 - 2017-10-10 07:26 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-11-12 19:13 - 2017-10-10 07:11 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-11-12 19:13 - 2017-10-10 07:07 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-11-12 19:13 - 2017-10-10 07:06 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-11-12 19:13 - 2017-10-10 06:53 - 025246208 _____ (Microsoft 
Corporation) C:\Windows\system32\edgehtml.dll 2017-11-12 19:13 - 2017-10-10 06:47 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-11-12 19:13 - 2017-10-10 06:46 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-11-12 19:13 - 2017-10-10 06:46 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-11-12 19:13 - 2017-10-10 06:44 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 018913792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll 2017-11-12 19:13 - 2017-10-10 06:43 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll 2017-11-12 19:13 - 2017-10-10 06:42 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2017-11-12 19:13 - 2017-10-10 06:42 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll 2017-11-12 19:13 - 2017-10-10 06:41 - 019343360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-11-12 19:13 - 2017-10-10 06:41 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 006032896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 003681280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-11-12 19:13 - 2017-10-10 06:39 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 003672064 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-11-12 19:13 - 2017-10-10 06:37 - 002869248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2017-11-12 19:13 - 2017-10-10 06:37 - 
001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-11-12 19:13 - 2017-10-10 06:36 - 001664000 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2017-11-12 19:13 - 2017-10-10 06:36 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-11-12 19:13 - 2017-10-10 06:34 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2017-11-12 19:13 - 2017-10-10 06:34 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys 2017-11-12 19:13 - 2017-10-10 06:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-11-12 19:13 - 2017-10-10 06:34 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-11-12 19:13 - 2017-10-10 06:33 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll 2017-11-12 19:13 - 2017-10-10 06:33 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-11-12 19:13 - 2017-10-10 06:32 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll 2017-11-12 19:13 - 2017-10-10 06:32 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-11-12 19:13 - 2017-10-10 06:32 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 023664128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll 2017-11-12 19:13 - 2017-10-10 06:31 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2017-11-12 19:13 - 2017-10-10 06:30 - 000442880 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptngc.dll 2017-11-12 19:13 - 2017-10-10 06:29 - 008097792 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-11-12 19:13 - 2017-10-10 06:29 - 000769024 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll 2017-11-12 19:13 - 2017-10-10 06:28 - 004744192 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-11-12 19:13 - 2017-10-10 06:27 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-11-12 19:13 - 2017-10-10 06:27 - 001165824 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 002106880 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-11-12 19:13 - 2017-10-10 06:26 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2017-11-12 19:13 - 2017-10-10 06:26 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-11-12 19:13 - 2017-10-10 06:25 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-11-12 19:13 - 2017-10-10 06:25 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2017-11-12 19:13 - 2017-10-10 06:24 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-11-12 19:13 - 2017-10-10 06:24 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-11-12 19:13 - 2017-10-04 16:21 - 002474080 _____ C:\Windows\SysWOW64\Windows.Mirage.dll 2017-11-12 19:13 - 2017-10-04 15:37 - 003312432 _____ C:\Windows\system32\Windows.Mirage.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-11-12 19:13 - 2017-10-03 23:42 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 
2017-11-12 19:12 - 2017-11-12 19:12 - 000000000 ____D C:\Users\Strat\AppData\Local\PackageStaging 2017-11-12 19:12 - 2017-11-12 19:12 - 000000000 ____D C:\Users\Strat\AppData\Local\Comms 2017-11-12 19:07 - 2017-11-12 20:08 - 000000000 ___RD C:\Users\Strat\OneDrive 2017-11-12 19:07 - 2017-11-12 19:07 - 000000000 ____D C:\Users\Strat\AppData\Local\DBG 2017-11-12 19:06 - 2017-11-12 20:56 - 000982918 _____ C:\Windows\system32\PerfStringBackup.INI 2017-11-12 19:06 - 2017-11-12 19:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-11-12 19:05 - 2017-11-12 20:49 - 000000000 ____D C:\ProgramData\NVIDIA 2017-11-12 19:05 - 2017-11-12 20:08 - 000000000 ____D C:\Users\Strat\AppData\Local\Packages 2017-11-12 19:05 - 2017-11-12 19:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-11-12 19:05 - 2017-11-12 19:06 - 000000000 ____D C:\Users\Strat\AppData\Local\ConnectedDevicesPlatform 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ___RD C:\Users\Strat\3D Objects 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ___HD C:\Users\Strat\MicrosoftEdgeBackups 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Roaming\Adobe 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\VirtualStore 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\Publishers 2017-11-12 19:05 - 2017-11-12 19:05 - 000000000 ____D C:\Users\Strat\AppData\Local\MicrosoftEdge 2017-11-12 19:05 - 2017-09-28 19:06 - 007850496 _____ (Microsoft Corporation) C:\Windows\system32\prm0015.dll 2017-11-12 19:05 - 2017-09-28 19:05 - 007702016 _____ (Microsoft Corporation) C:\Windows\system32\NL7Models0011.dll 2017-11-12 19:05 - 2017-09-28 19:05 - 002454528 _____ 
(Microsoft Corporation) C:\Windows\system32\NL7Lexicons0011.dll 2017-11-12 19:05 - 2017-09-28 19:02 - 007407616 _____ (Microsoft Corporation) C:\Windows\system32\NL7Data0011.dll 2017-11-12 19:05 - 2017-09-28 19:02 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\MSWB70011.dll 2017-11-12 19:05 - 2017-09-28 18:42 - 000517120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB70011.dll 2017-11-12 19:05 - 2017-09-28 18:41 - 007246336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NL7Data0011.dll 2017-11-12 19:05 - 2017-09-28 15:50 - 000002060 _____ C:\Windows\system32\noise.jpn 2017-11-12 19:04 - 2017-11-12 19:07 - 000000000 ____D C:\Users\Strat 2017-11-12 19:04 - 2017-11-12 19:04 - 000000020 ___SH C:\Users\Strat\ntuser.ini 2017-11-12 19:04 - 2017-11-12 19:04 - 000000000 ____D C:\ProgramData\USOShared 2017-11-12 19:02 - 2017-11-12 19:02 - 000000000 _SHDL C:\Documents and Settings 2017-11-12 19:02 - 2017-11-12 19:02 - 000000000 ____D C:\Windows\CSC 2017-11-12 19:02 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2017-11-12 19:01 - 2017-11-12 20:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-12 19:01 - 2017-11-12 20:24 - 000348904 _____ C:\Windows\system32\FNTCACHE.DAT 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____D C:\Windows\system32\SleepStudy 2017-11-12 19:01 - 2017-11-12 19:01 - 000000000 ____D C:\Windows\ServiceProfiles 2017-11-03 22:24 - 2017-11-03 22:24 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2017-11-03 22:24 - 2017-11-03 22:24 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2017-11-01 
12:58 - 2017-11-01 12:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-11-01 12:58 - 2017-11-01 12:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-13 04:00 - 2017-09-29 14:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2017-11-12 20:49 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI 2017-11-12 20:23 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF 2017-11-12 20:09 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-12 20:09 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness 2017-11-12 19:54 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Help 2017-11-12 19:38 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2017-11-12 19:31 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\yo-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\wo-SN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\vi-VN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ur-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ug-CN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tt-RU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D 
C:\Windows\SysWOW64\tn-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tk-TM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ti-ET 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\te-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ta-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sw-KE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sq-AL 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\si-LK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\rw-RW 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quz-PE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\prs-AF 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\or-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nn-NO 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ne-NP 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mt-MT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mr-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mn-MN 2017-11-12 19:15 - 
2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ml-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mk-MK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lo-LA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lb-LU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ky-KG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kok-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kn-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\km-KH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ka-GE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\is-IS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ig-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\id-ID 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\hy-AM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gu-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gd-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ga-IE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fil-PH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fa-IR 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\cy-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D 
C:\Windows\SysWOW64\ca-ES-valencia 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bn-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bn-BD 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\be-BY 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\as-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\am-ET 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\af-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\zu-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\yo-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\xh-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\wo-SN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\vi-VN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ur-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ug-CN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tt-RU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tn-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tk-TM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ti-ET 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\te-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ta-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sw-KE 2017-11-12 19:15 - 
2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sq-AL 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\si-LK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sd-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\rw-RW 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\quz-PE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\quc-Latn-GT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\prs-AF 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\pa-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\pa-Arab-PK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\or-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\nso-ZA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\nn-NO 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ne-NP 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mt-MT 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mr-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mn-MN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ml-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mk-MK 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mi-NZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\lo-LA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\lb-LU 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ky-KG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D 
C:\Windows\system32\ku-Arab-IQ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kok-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kn-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\km-KH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kk-KZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ka-GE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\is-IS 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ig-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\id-ID 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\hy-AM 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ha-Latn-NG 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\gu-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\gd-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ga-IE 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\fil-PH 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\fa-IR 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\cy-GB 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\chr-CHER-US 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ca-ES-valencia 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bs-Latn-BA 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bn-IN 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bn-BD 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\be-BY 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\az-Latn-AZ 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\as-IN 2017-11-12 19:15 
- 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\am-ET 2017-11-12 19:15 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\af-ZA 2017-11-12 19:15 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\appraiser 2017-11-12 19:05 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\OCR 2017-11-12 19:04 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2017-11-12 19:02 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\spool 2017-11-12 19:02 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\FxsTmp 2017-11-12 19:02 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\USOPrivate 2017-11-12 19:01 - 2017-09-29 14:46 - 000000000 ___RD C:\Windows\PrintDialog 2017-11-12 19:01 - 2017-09-29 14:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2017-11-12 19:01 - 2017-09-29 09:45 - 000032768 _____ C:\Windows\system32\config\ELAM 2017-11-12 19:01 - 2017-09-29 09:45 - 000000000 ____D C:\Windows\system32\Sysprep 2017-10-26 20:54 - 2017-09-29 14:49 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-26 20:54 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some files in TEMP: ==================== 2017-11-12 19:06 - 2017-09-16 18:17 - 000873320 _____ (NVIDIA Corporation) C:\Users\Strat\AppData\Local\Temp\nvSCPAPI64.dll 2017-11-12 19:53 - 2017-09-16 18:17 - 000368760 _____ (NVIDIA Corporation) C:\Users\Strat\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
And Addition.txt:
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] () ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-05] (Google) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-05] (Google) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0FB072B5-D01C-4BA0-9C7F-261036A24B7C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-27] (NVIDIA Corporation) Task: {27045040-897C-4B77-9288-E05525E7CEB7} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-11-09] () Task: {2A9336EB-4D9F-40DD-8039-BFB746701A9E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-12] (Dropbox, Inc.) Task: {40FE6AC3-2473-49EA-B3EE-63C434E01362} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.) Task: {66442503-4850-4A21-8139-EA3FAFCEDE4B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation) Task: {7F484ADB-5D8D-410A-A17C-309124FB718E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-27] (NVIDIA Corporation) Task: {8B34935E-60CB-4FBA-B3F1-DBF5C423F88B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-27] (NVIDIA Corporation) Task: {941DE3EE-46A0-4849-AB78-931F1283B591} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-12] (Dropbox, Inc.) 
Task: {BAB1C318-861C-483C-9F7B-84040A21575D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation) Task: {EEAD8874-C9DD-44EE-8F7F-78DCC63C4700} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation) Task: {FAB731CA-EE9D-4902-A465-75D48F183967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.) Task: {FB011D67-B857-4200-8B46-6A2071BA7D2E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation) Task: {FF6513A5-01CD-4251-AFF2-96ACE3A76519} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-27] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll 2017-11-12 19:55 - 2017-10-27 18:50 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-11-12 20:24 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-12 20:24 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-08-29 01:43 - 2017-08-29 01:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2017-09-29 14:42 - 2017-09-29 15:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-09-29 14:42 - 2017-09-29 15:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-09-29 14:41 - 2017-09-29 14:41 - 000030208 _____ () C:\Windows\system32\Windows.WARP.JITService.exe 2017-11-12 19:28 - 2017-11-05 10:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll 2017-11-12 19:28 - 2017-11-05 10:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll 2017-11-12 19:55 - 2017-10-27 18:50 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-11-12 19:55 - 2017-10-27 18:50 - 070806136 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-11-12 20:22 - 2017-11-01 12:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-11-12 20:22 - 2017-11-01 12:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2017-11-12 20:22 - 2017-11-01 12:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2017-11-12 20:22 - 2017-11-01 13:01 
- 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-11-12 20:22 - 2017-11-01 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2017-11-12 20:22 - 2017-11-01 12:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2017-11-12 20:22 - 2017-11-01 
12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-11-12 20:22 - 2017-11-01 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 
003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000021848 _____ () C:\Program 
Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-11-12 20:22 - 2017-11-01 12:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-11-12 20:22 - 2017-11-01 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-11-12 20:22 - 2017-11-01 13:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-11-12 20:22 - 2017-11-01 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-11-12 20:22 - 2017-11-01 13:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-11-12 20:22 - 2017-11-01 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-11-12 20:22 - 2017-11-01 13:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2017-11-12 20:22 - 2017-11-01 13:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-11-12 20:22 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the 
fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-251556389-2389510660-2561409723-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Strat\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\background 1080p.png DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{B2F42255-8480-42E0-8952-E012F09E649A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{98C5141A-CC53-4697-9787-56A19876BC74}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{F5196B4C-7B9C-4941-85AE-8F889F1F9CCF}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{D55E249D-49F4-45BE-A566-0D9829861311}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2017 07:26:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-ABB27G3) Description: Package Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Error: (11/12/2017 07:07:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1830 Start Time: 01d35be0d0ddb9ca Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: c2519ce6-6e40-482c-9f6a-4813be852032 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (11/12/2017 07:07:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-ABB27G3) Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. 
Error: (11/12/2017 07:05:34 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (11/12/2017 07:05:34 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (11/12/2017 07:05:26 PM) (Source: ESENT) (EventID: 522) (User: ) Description: ShellExperienceHost (6192,P,0) TILEREPOSITORYS-1-5-21-251556389-2389510660-2561409723-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8). Error: (11/12/2017 07:05:26 PM) (Source: ESENT) (EventID: 522) (User: ) Description: ShellExperienceHost (6192,P,0) TILEREPOSITORYS-1-5-21-251556389-2389510660-2561409723-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8). Error: (11/12/2017 07:05:26 PM) (Source: ESENT) (EventID: 522) (User: ) Description: ShellExperienceHost (6192,P,0) TILEREPOSITORYS-1-5-21-251556389-2389510660-2561409723-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8). Error: (11/12/2017 07:05:26 PM) (Source: ESENT) (EventID: 522) (User: ) Description: ShellExperienceHost (6192,P,0) TILEREPOSITORYS-1-5-21-251556389-2389510660-2561409723-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8). 
Error: (11/12/2017 07:05:26 PM) (Source: ESENT) (EventID: 522) (User: ) Description: ShellExperienceHost (6192,P,0) TILEREPOSITORYS-1-5-21-251556389-2389510660-2561409723-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8). System errors: ============= Error: (11/12/2017 09:01:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ABB27G3) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ABB27G3\Strat SID (S-1-5-21-251556389-2389510660-2561409723-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/12/2017 09:00:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ABB27G3) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ABB27G3\Strat SID (S-1-5-21-251556389-2389510660-2561409723-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (11/12/2017 08:57:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ABB27G3) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ABB27G3\Strat SID (S-1-5-21-251556389-2389510660-2561409723-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/12/2017 08:56:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ABB27G3) Description: The server Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout. Error: (11/12/2017 08:54:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ABB27G3) Description: The server Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout. Error: (11/12/2017 08:49:42 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x12 Error: (11/12/2017 08:49:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ABB27G3) Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error: (11/12/2017 08:49:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ABB27G3) Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. 
  7. I'm having the same issue, running decrapifier I found this, I'm not sure if it's related to the issue. This is driving me insane. Could it be a rootkit? GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19
  8. Yeah I am having the same issue. These are the viruses
     Malwarebytes
     www.malwarebytes.com
     -Detalles del registro-
     Fecha del análisis: 8/11/17
     Hora del análisis: 14:55
     Archivo de registro: 8aa06649-c48c-11e7-bb24-4ccc6acd231e.json
     Administrador: Sí
     -Información del software-
     Versión: 3.3.1.2183
     Versión de los componentes: 1.0.236
     Versión del paquete de actualización: 1.0.3206
     Licencia: Gratis
     -Información del sistema-
     SO: Windows 10 (Build 15063.674)
     CPU: x64
     Sistema de archivos: NTFS
     Usuario: DANI-PC\danie
     -Resumen del análisis-
     Tipo de análisis: Análisis de amenazas
     Resultado: Completado
     Objetos analizados: 362716
     Amenazas detectadas: 6
     Amenazas en cuarentena: 0
     (No hay elementos maliciosos detectados)
     Tiempo transcurrido: 0 min, 41 seg
     -Opciones de análisis-
     Memoria: Activado
     Inicio: Activado
     Sistema de archivos: Activado
     Archivo: Activado
     Rootkits: Desactivado
     Heurística: Activado
     PUP: Detectar
     PUM: Detectar
     -Detalles del análisis-
     Proceso: 0
     (No hay elementos maliciosos detectados)
     Módulo: 0
     (No hay elementos maliciosos detectados)
     Clave del registro: 0
     (No hay elementos maliciosos detectados)
     Valor del registro: 0
     (No hay elementos maliciosos detectados)
     Datos del registro: 0
     (No hay elementos maliciosos detectados)
     Secuencia de datos: 0
     (No hay elementos maliciosos detectados)
     Carpeta: 0
     (No hay elementos maliciosos detectados)
     Archivo: 6
     PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
     Adware.Elex.ShrtCln, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [2309], [454693],1.0.3206
     PUP.Optional.Spigot, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [648], [454814],1.0.3206
     PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
     PUP.Optional.ASK, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [527], [454823],1.0.3206
     PUP.Optional.Softonic, C:\USERS\DANIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [665], [455288],1.0.3206
     Sector físico: 0
     (No hay elementos maliciosos detectados)
     (end)
  9. Hi, I have the same issue too! I quarantined the adware and restarted, yet the adware still remains. (adware.elex.shrtcln)
  10. Hi, I have a similar issue, though the malware is in another Chrome file. Please help me, I need to keep my bitcoin safe on exchange.
  11. Hello, same issue here! Web Data.zip Scan results.txt
  12. During my MalwareBytes Scan, Adware.Elex.Shrtcln keeps showing up as a threat. Every time I quarantine and remove it upon restarting, it keeps returning in a following scan. So I would like some assistance in being able to remove it permanently. Thank you. Threat Summary.txt
  13. I hacked at it for several days and followed these instructions, that being to reset all browsers, set sync and delete the ->google\chrome\default\ files. Finally Malwarebytes ran and said that one file was not deleted. If I remember correctly I had seen this before and it had changed names. It was "Preference Saved" or similar but not just plain "Preference." I went to it and deleted it. So far after a full day no problems. It was not "preference" but another preference file. I was surprised that Malwarebytes could not delete it but I could go in and delete it. I think it is where the Search60 virus stores the bot that reinstalls the virus.
  14. Earlier today I saw that when I typed in the search bar in Chrome, Google would briefly appear and then would switch to SearchSixty. It's a pest of a search engine. I searched my programs, nothing unusual; reset Chrome, still pops up; full scanned with Avast and Malwarebytes, no issues were found; uninstalled and reinstalled Chrome, still it pops up every time I use the search bar, but not if I go to the Google homepage. Is there something I'm missing to remove it?
  15. So lately, I've discovered a program that is running and in the startup called svcmcx. I don't know what it is for but searching through the internet, I see that it is a trojan or something. It's probably why I keep getting Safe Search as my search engine. I can't even start up Malwarebytes anymore!! Can someone tell me what to do to get rid of this? Thanks
  16. I have been facing the malware issue where the browser gets redirected multiple times, ultimately to a phishing attempt. Earlier this was on both my laptops, for which I realised the issue was with the modem/router. But even after changing the modem and updating the firmware, I still face the issue, but only on macOS. Malwarebytes says the system is clean, while I don't see anything strange on my laptop manually as well. Please suggest a fix! Thank you.
  17. My windows 7 desktop seems to be infected with some kind of adware. It has evaded multiple malwarebytes scans as well as bitdefender pro scans. There are several culprits, including puttr18, searchbind.net, pipeschannels, adsh*t, etc. These will open in a new tab at any time, even if I click somewhere random on the screen where there isn't any kind of visible trigger. They will either redirect to some scammy site or just close on their own. I have found NO way to prevent this. There appear to be no fishy programs on my computer, no fishy processes running, nothing. Initially virus scanning yielded a couple results, but the problem persists and they no longer find anything. Another thing that happens is that certain words will be highlighted and clicking on them will open some more scam sites. This works and has been tested with both browsers on my computer (chrome and opera) whether in incognito, private browsing, new sessions and users, doesn't matter. This means it's on my computer and not an extension or anything like that.
  18. Hi, I am very new to this. I am so happy I found your site. It detected over 2000 threats. 2 were identified as malware (Please see image) and all the others were PUP files (?). When malwarebytes prompted me to quarantine, I noticed the 2 identified as malware were not on the list. I proceeded with the process anyway and in the final report I did not see those 2 items. Does this mean it was never removed? How would I remove it if they weren't? Thank you, J
  19. I have been working on removing a browser hijacker for over a month now. This program is super hardcore. I have been able to remove all virus and adware for decades ...since my 5 inch monochrome screen said you are stoned and had been infected from a 5 1/4 floppy disk. But this program has me BEAT and I am here asking for HELP. This hijacker (adware...ransomware?) works on both Internet Explorer and Chrome....essentially every time I open a page from home screen I get one of the comcast survey.....You've been infected ...call microsoft pop-ups/redirected page. I have run every virus/adware/ransomware/hijacker detection program and NOBODY can find it.
      windows 7 pro updated to today
      avg free up to date
      2 hard drives both with an active copy of win 7
      Restore system is normally turned on
      Programs tried: AVG, Norton "eraser", malwarebytes free, adwcleaner, Emsisoft Emergency Cleaner, BDantiransomware
      I have unenabled all extensions in browsers
      uninstalled and reinstalled all browsers
      I have also tried using system restore but that did not work also..... PLS HELP
  20. Hello, I'm new in this forum. Please let me know if I am making any mistake in this post. Recently, a "Secure Search" bar appeared above the Google main page; also, sometimes I am redirected to another page when searching, and other times, I am redirected to Adv pages. I ran an AdwCleaner scan and it found some adware, so I proceeded to clean it. But after I reboot my PC, they are back again. I ran a Malwarebytes full scan and removed all the malware, but the same happens. I attach my last AdwCleaner scan log file. Thanks. logFile.txt
  21. I am at a loss. I have tried every solution I can find but nothing is helping with this issue of some websites redirecting me with what pops up as "onclickrev.com" then takes me to various sites to download flash, virus removal software or other various things. I have tried clearing all data from Safari, starting in safe mode, and scanning with AVG, Malwarebytes, Norton, and Combo Cleaner. Nothing is detected. It mostly happens on search boxes within various websites and some buttons that are clicked on websites. ANY help is greatly appreciated. I have never had an issue that I haven't been able to fix before (much less any issues to begin with)
  22. Hello, My name is Ethan and I'd like to request help with malware/rootkit/ad/etc removal. To give you some background, I recently got infected with THIS file. It changed my browser, redirected pages to "eatyellowmango. com", changed file names to ".bat", installed bitcoin miners, 100% CPU usage, and much worse. After 10+ hours of running every AV program I knew, it's mostly gone; but I'm still having issues with what I believe is "Adware.Yelloader" and rootkit(s). I've also gotten a BSOD message three times, saying "irql_not_less_or_equal", but that stopped now. So far, I've run the following programs: Rkill, Malwarebytes, Chameleon, Zemana, AdwCleaner, HitmanPro, SUPERAntiSpyware, Webroot SecureAnywhere, AVG, Avast, ESET Online Scanner, Sophos, EmsisoftEmergencyKit, Defogger, MiniToolBox, FRST (Logs), and FixTDSS (Unsuccessful) - and I plan to run TronScript soon. (I also ran these programs in SafeMode w/ Network) Everything seems to be normal now, except that I'm having problems running TDSSkiller, JRT, ComboFix, Malwarebytes Anti-Rootkit (Missing DDA driver + "The system inaccessible seems inaccessible or encrypted. Scan cant continue"), BitDefender, and some other normal programs such as Razer Synapse. They ask for admin privileges, but they never open afterwards. While I'm not very experienced on this topic, I believe it may be a program/virus denying me access. I'm willing to simply wipe my drives (SSD w/ win10, HDD for storage), but that's the last resort. If you could help, I'd greatly appreciate it. Thank you to anyone who reads/replies to my thread! Addition.txt FRST.txt MB Scan.txt
  23. PUP.Optional.Legacy keeps coming back when I restart the computer by scanning with adwcleaner. Below is the log file:
      # AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 02:21:47 2017
      # Updated on 2017/05/08 by Malwarebytes
      # Database: 08-11-2017.1
      # Running on Windows 10 Home Single Language (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support
      ***** [ Services ] *****
      No malicious services found.
      ***** [ Folders ] *****
      No malicious folders found.
      ***** [ Files ] *****
      PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
      ***** [ DLL ] *****
      No malicious DLLs found.
      ***** [ WMI ] *****
      No malicious WMI found.
      ***** [ Shortcuts ] *****
      No malicious shortcuts found.
      ***** [ Tasks ] *****
      No malicious tasks found.
      ***** [ Registry ] *****
      No malicious registry entries found.
      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries.
      ***** [ Chromium (and derivatives) ] *****
      No malicious Chromium entries.
      *************************
      C:/AdwCleaner/AdwCleaner[C0].txt - [4557 B] - [2017/8/12 2:44:41]
      C:/AdwCleaner/AdwCleaner[C1].txt - [1362 B] - [2017/8/12 2:49:26]
      C:/AdwCleaner/AdwCleaner[C2].txt - [1483 B] - [2017/8/14 23:47:49]
      C:/AdwCleaner/AdwCleaner[C3].txt - [1683 B] - [2017/8/15 1:1:17]
      C:/AdwCleaner/AdwCleaner[C4].txt - [1815 B] - [2017/8/15 1:9:4]
      C:/AdwCleaner/AdwCleaner[S0].txt - [5087 B] - [2017/8/12 2:44:11]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1205 B] - [2017/8/12 2:49:9]
      C:/AdwCleaner/AdwCleaner[S2].txt - [1310 B] - [2017/8/14 23:41:33]
      C:/AdwCleaner/AdwCleaner[S3].txt - [1446 B] - [2017/8/14 23:53:2]
      C:/AdwCleaner/AdwCleaner[S4].txt - [1513 B] - [2017/8/15 1:1:0]
      C:/AdwCleaner/AdwCleaner[S5].txt - [1644 B] - [2017/8/15 1:8:55]
      C:/AdwCleaner/AdwCleaner[S6].txt - [1775 B] - [2017/8/15 1:37:48]
      ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########
  24. A few days ago, my computer got infected with adware. Sometimes it plays an audio to trick me into calling a number to get help from Microsoft staff. I've tried some methods to find and remove it but didn't succeed (advanced scan from Windows Security Center, finding it among installed programs in Control Panel, some other antivirus software including Malwarebytes). I've attached some results from antivirus software. I would be very grateful if someone can help me get through this. (Resetting Windows will take a lot of time so I can't do it now) FRST.txt JRT.txt AdwCleaner.txt Addition.txt