Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Jackson (administrator) on DESKTOP-JLK4V0U (07-12-2017 10:37:37)
Running from F:\Farbar Recovery Scan Tool
Loaded Profiles: Jackson (Available Profiles: Jackson)
Platform: Windows 10 Home 10240.16405 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-12-25] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-29] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{a55f251e-428f-4854-b5c7-0a50b879bce0}: [DhcpNameServer] 24.54.164.30 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{f671e557-e47f-40f3-875f-0bb43240512e}: [DhcpNameServer] 40.23.1.11

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2966973244-140574636-4198648863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DAEBC7DC-3174-440D-8B70-0C2526DA0DEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2966973244-140574636-4198648863-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2966973244-140574636-4198648863-1001 -> {DAEBC7DC-3174-440D-8B70-0C2526DA0DEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://ddoclifaibbnompabgmpnbkdceodmbpl/pdfconverter.html"
CHR Profile: C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Docs) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (YouTube) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Gamer Chuck Advertising) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbllnfikmkjbkkchnaplimnhmfkbheij [2017-07-02]
CHR Extension: (DoctoPDF) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddoclifaibbnompabgmpnbkdceodmbpl [2017-11-05]
CHR Extension: (Sheets) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-29] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-29] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-12-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-12-25] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-25] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2017-08-22] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [175720 2017-08-28] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-29] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-29] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [105128 2017-11-05] (AVAST Software)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-29] (AVAST Software)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-29] (AVAST Software)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-07] (Malwarebytes)
S3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2014-10-17] (Novation DMS Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2016-12-25] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-07-09] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6804480 2017-07-06] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [97320 2016-12-25] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-12-25] (HP)
U3 aspnet_state; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-07 10:33 - 2017-12-07 10:33 - 000016148 _____ C:\Windows\system32\DESKTOP-JLK4V0U_Jackson_HistoryPrediction.bin
2017-12-07 10:05 - 2017-12-07 10:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-07 10:05 - 2017-12-07 10:05 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-07 10:05 - 2017-12-07 10:05 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-07 10:05 - 2017-12-07 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-07 10:05 - 2017-12-07 10:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-07 10:05 - 2017-12-07 10:05 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-07 10:05 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-06 11:20 - 2017-12-06 11:20 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-12-06 11:20 - 2017-12-06 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-12-06 11:20 - 2017-12-06 11:20 - 000000000 ____D C:\Program Files\Speccy
2017-12-06 11:18 - 2017-12-06 11:18 - 000009884 _____ C:\junk.txt
2017-12-06 11:14 - 2017-12-06 11:14 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-12-06 10:46 - 2017-12-07 10:37 - 000000000 ____D C:\FRST
2017-11-12 11:41 - 2017-11-12 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{12E2183F-4F56-4087-BE4D-DCD6F4901748}
2017-11-11 11:41 - 2017-11-11 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{2D8B4628-137E-4D53-B12D-1E32B9392308}
2017-11-10 16:23 - 2017-11-10 16:23 - 000000000 _____ C:\Users\Jackson\AppData\Local\{DBFE3CBC-AE44-495A-B62A-768902091F17}
2017-11-10 11:41 - 2017-11-10 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{92840899-547E-4A07-BF4A-328AB94BAB8B}
2017-11-09 16:23 - 2017-11-09 16:23 - 000000000 _____ C:\Users\Jackson\AppData\Local\{FF4D2A4A-271E-4E14-A724-826440238BB7}
2017-11-09 11:41 - 2017-11-09 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{91BB215D-348C-48C3-930D-68827910FC75}
2017-11-08 11:41 - 2017-11-08 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{0CEF6EE5-6CC4-4454-BF58-E0961808F361}
2017-11-07 11:41 - 2017-11-07 11:41 - 000000000 _____ C:\Users\Jackson\AppData\Local\{7B6D86EA-8AE1-4C92-9341-509C2F8D98FC}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-07 10:30 - 2017-08-25 22:14 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-07 10:29 - 2016-12-25 11:22 - 000000000 ____D C:\Users\Jackson\Documents\YouCam
2017-12-07 10:27 - 2016-12-25 11:30 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-07 10:27 - 2016-12-25 11:19 - 000000000 __SHD C:\Users\Jackson\IntelGraphicsProfiles
2017-12-07 10:21 - 2016-02-04 19:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-07 10:20 - 2016-02-04 18:27 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-12-07 10:19 - 2016-12-25 11:19 - 000002094 _____ C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk
2017-12-07 10:19 - 2015-10-20 01:05 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2017-12-07 10:08 - 2016-02-04 18:39 - 000000000 ____D C:\Windows\INF
2017-12-07 10:08 - 2015-07-15 23:09 - 000942576 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-06 16:45 - 2017-01-15 19:09 - 000000730 _____ C:\Windows\Tasks\WpsKtpcntrQingTask_Jackson.job
2017-12-06 16:44 - 2016-02-04 18:44 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-12-06 16:44 - 2016-02-04 18:27 - 000032768 ___SH C:\Windows\system32\config\ELAM
2017-12-06 16:42 - 2015-07-10 02:05 - 000000000 ____D C:\Users\Default.migrated
2017-12-06 16:41 - 2016-12-25 11:30 - 000000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-06 10:49 - 2016-02-04 18:44 - 000000000 ____D C:\Windows\system32\NDF
2017-12-05 14:07 - 2016-12-25 11:18 - 000000000 ____D C:\Users\Jackson
2017-12-05 12:30 - 2016-02-04 18:44 - 000000000 ____D C:\Windows\AppReadiness

==================== Files in the root of some directories =======

2017-04-30 15:16 - 2017-04-30 15:16 - 007649280 _____ () C:\Program Files (x86)\GUT5A7F.tmp
2016-12-27 03:37 - 2017-08-25 19:37 - 000000372 _____ () C:\Users\Jackson\AppData\Roaming\WB.CFG
2017-11-06 16:23 - 2017-11-06 16:23 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{012C5BE1-3C4F-47BF-9724-39A6D4BA27D2}
2017-11-08 11:41 - 2017-11-08 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{0CEF6EE5-6CC4-4454-BF58-E0961808F361}
2017-11-05 16:23 - 2017-11-05 16:23 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{108AC21E-D452-4E65-ADE7-5AC6881AD065}
2017-11-12 11:41 - 2017-11-12 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{12E2183F-4F56-4087-BE4D-DCD6F4901748}
2017-11-11 11:41 - 2017-11-11 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{2D8B4628-137E-4D53-B12D-1E32B9392308}
2017-11-07 11:41 - 2017-11-07 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{7B6D86EA-8AE1-4C92-9341-509C2F8D98FC}
2017-11-06 11:41 - 2017-11-06 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{905893C6-CD44-48C9-8382-C9103949A31E}
2017-11-09 11:41 - 2017-11-09 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{91BB215D-348C-48C3-930D-68827910FC75}
2017-11-10 11:41 - 2017-11-10 11:41 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{92840899-547E-4A07-BF4A-328AB94BAB8B}
2017-11-10 16:23 - 2017-11-10 16:23 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{DBFE3CBC-AE44-495A-B62A-768902091F17}
2017-11-09 16:23 - 2017-11-09 16:23 - 000000000 _____ () C:\Users\Jackson\AppData\Local\{FF4D2A4A-271E-4E14-A724-826440238BB7}

Some files in TEMP:
====================
2017-01-04 18:14 - 2017-04-20 08:17 - 000050720 _____ (HP Inc.) C:\Users\Jackson\AppData\Local\Temp\ACLMInstaller.exe
2017-12-06 10:48 - 2017-12-06 10:48 - 001676288 _____ (Opera Software) C:\Users\Jackson\AppData\Local\Temp\Opera_installer_20171264831425.dll
2017-07-25 22:10 - 2017-08-25 18:58 - 006457520 _____ (Microsoft Corporation) C:\Users\Jackson\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-12-05 12:47

==================== End of FRST.txt ============================