A Website opens at random.


  • This topic is locked
6 replies to this topic

#1 Wildfiregg

  • Members
  • 6 posts
  • OFFLINE

Posted 13 September 2017 - 07:23 PM

Every day at 1:04 AM CET I get a random sh.st shortened URL website opening. I once tried to go past the ads and go to the site for the heck of it, but got redirected by my Avast away from it, so I suspect nothing good of it, and I have no idea where I can find how to get rid of it. Nothing points to it in my Control Panel, downloaded programs, etc. etc. I've used CCleaner to clear the registry, Malwarebytes, Avast; nothing shows up, so I'm trying my luck now here.

FRST LOG:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
Ran by shift (administrator) on EMILS-PC (14-09-2017 02:16:20)
Running from C:\Users\shift\Downloads
Loaded Profiles: shift &  (Available Profiles: shift)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Discord Inc.) C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Discord Inc.) C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe
(juvlarN) C:\Users\shift\Desktop\vibranceGUI.exe
(f.lux Software LLC) C:\Users\shift\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPEE.EXE
(Spotify Ltd) C:\Users\shift\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.2271.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\FACEIT AC\faceitclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NahimicVRSvc32] => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [985784 2017-04-04] (A-Volute)
HKLM\...\Run: [NahimicVRSvc64] => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142456 2017-04-04] (A-Volute)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-11] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-04] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [4471736 2017-06-08] (Micro-Star INT'L CO., LTD.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [Discord] => C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [Spotify] => C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-12] (Spotify Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [vibranceGUI] => C:\Users\shift\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [f.lux] => C:\Users\shift\AppData\Local\FluxSoftware\Flux\flux.exe [1661432 2017-08-04] (f.lux Software LLC)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [WallpaperEngine] => "D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe" -silent
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [RuneApps Alt1] => C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe [1521664 2017-08-30] (RuneApps)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPEE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Run: [Spotify Web Helper] => C:\Users\shift\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-12] (Spotify Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [Discord] => C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [Spotify] => C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-12] (Spotify Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [vibranceGUI] => C:\Users\shift\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [f.lux] => C:\Users\shift\AppData\Local\FluxSoftware\Flux\flux.exe [1661432 2017-08-04] (f.lux Software LLC)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [WallpaperEngine] => "D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe" -silent
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [RuneApps Alt1] => C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe [1521664 2017-08-30] (RuneApps)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPEE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Run: [Spotify Web Helper] => C:\Users\shift\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-12] (Spotify Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [Discord] => C:\Users\shift\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [Spotify] => C:\Users\shift\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-12] (Spotify Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [vibranceGUI] => C:\Users\shift\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [f.lux] => C:\Users\shift\AppData\Local\FluxSoftware\Flux\flux.exe [1661432 2017-08-04] (f.lux Software LLC)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [WallpaperEngine] => "D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe" -silent
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [RuneApps Alt1] => C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe [1521664 2017-08-30] (RuneApps)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPEE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Run: [Spotify Web Helper] => C:\Users\shift\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-12] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-08-28]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-08-10]
ShortcutTarget: Twitch.lnk -> C:\Users\shift\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{504e3a41-bf71-463d-8753-d58cda81315e}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: m91rjjdu.default
FF ProfilePath: C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default [2017-09-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m91rjjdu.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\m91rjjdu.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\m91rjjdu.default -> hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_gmshp_17_36&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtDtAzz0B0FtByD0FtD0FtN0D0Tzu0StBtDyBzztN1L2XzutAtFtBzytFtCtDyEtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzytB0B0A0DyCyBtGtAzzyCyEtG0A0EzztDtGtDtCyE0EtGtDtCtD0DtAyBzztCtA0DyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0DtA0FtDtB0BtGyDtA0AzztGyEyC0ByCtG0ByB0BtCtG0A0B0EtDtCyE0ByCtA0AtCyB2QtN0A0LzutD%26cr%3D1880969302%26a%3Dwnf_gmshp_17_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
FF Keyword.URL: Mozilla\Firefox\Profiles\m91rjjdu.default -> user_pref("keyword.URL", true);
FF Extension: (Avast SafePrice) - C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default\Extensions\sp@avast.com.xpi [2017-09-12]
FF Extension: (Avast Online Security) - C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default\Extensions\wrc@avast.com.xpi [2017-09-04]
FF Extension: (Adblock Plus) - C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-03]
FF SearchPlugin: C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default\searchplugins\yahoo! powered.xml [2017-09-09]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-28] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Google Slides) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-09-13]
CHR Extension: (Google Docs) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Adblock Plus) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-28]
CHR Extension: (Watch2Gether) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2017-07-28]
CHR Extension: (Avast SafePrice) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-09-13]
CHR Extension: (Google Sheets) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Avast Online Security) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-23]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-09-06]
CHR Extension: (The Great Suspender) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-04]
CHR Extension: (SteamWizard) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojolejmgolbhakghocbgjemjgbmcjig [2017-07-28]
CHR Extension: (Morpheon Dark) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-09-05]
CHR Extension: (Search Manager) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-04] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-07-29] ()
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [598872 2016-11-11] (cFos Software GmbH)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-09-10] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-11] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [75192 2017-04-05] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-04] (AVAST Software)
R0 FACEIT; C:\WINDOWS\System32\Drivers\FACEIT.sys [8724480 2017-09-11] ()
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-07-11] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-09-08] (Malwarebytes)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S1 dvhjluth; \??\C:\WINDOWS\system32\drivers\dvhjluth.sys [X]
S1 dwfluznp; \??\C:\WINDOWS\system32\drivers\dwfluznp.sys [X]
S1 kngjfvxi; \??\C:\WINDOWS\system32\drivers\kngjfvxi.sys [X]
S1 mwzbriwp; \??\C:\WINDOWS\system32\drivers\mwzbriwp.sys [X]
S1 ngahevis; \??\C:\WINDOWS\system32\drivers\ngahevis.sys [X]
S1 vtlnghke; \??\C:\WINDOWS\system32\drivers\vtlnghke.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 02:16 - 2017-09-14 02:16 - 000038270 _____ C:\Users\shift\Downloads\FRST.txt
2017-09-14 02:16 - 2017-09-14 02:16 - 000000000 ____D C:\FRST
2017-09-14 02:15 - 2017-09-14 02:15 - 002398208 _____ (Farbar) C:\Users\shift\Downloads\FRST64.exe
2017-09-13 20:07 - 2017-09-13 20:07 - 003441178 _____ C:\Users\shift\Desktop\wildfirelogopsd.psd
2017-09-13 19:59 - 2017-09-13 20:00 - 000096261 _____ C:\Users\shift\Downloads\super_retro_m54.zip
2017-09-13 19:58 - 2017-09-13 19:58 - 000244773 _____ C:\Users\shift\Downloads\road_rage.zip
2017-09-13 19:25 - 2017-09-13 19:25 - 000000000 ____D C:\Users\shift\Desktop\images
2017-09-13 19:22 - 2017-09-13 19:36 - 000830708 _____ C:\Users\shift\Desktop\WFL.psd
2017-09-13 19:06 - 2017-09-13 19:06 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-09-13 19:06 - 2017-09-13 19:06 - 000000000 ____D C:\Users\shift\OneDrive\Documents\Adobe
2017-09-13 19:04 - 2017-09-13 21:45 - 040291381 _____ C:\Users\shift\Desktop\WFL.ai
2017-09-13 13:15 - 2017-09-13 13:15 - 000000000 ___HD C:\OneDriveTemp
2017-09-12 20:04 - 2017-09-12 20:04 - 000250535 _____ C:\Users\shift\Downloads\boarding-pass.pdf
2017-09-11 21:08 - 2017-09-11 20:09 - 187141645 _____ C:\Users\shift\Desktop\Nutty play.dem
2017-09-11 21:07 - 2017-09-11 21:08 - 112393912 _____ C:\Users\shift\Downloads\0baada9a-741b-4ae8-a81a-5ef294b79da6.dem.gz
2017-09-11 11:20 - 2017-09-12 15:01 - 000380046 _____ C:\Users\shift\Desktop\WF.ai
2017-09-10 21:11 - 2017-09-10 21:13 - 000779304 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-10 21:11 - 2017-09-10 21:11 - 000000000 ____D C:\Users\shift\AppData\Roaming\EasyAntiCheat
2017-09-10 21:11 - 2017-09-10 21:11 - 000000000 ____D C:\Users\shift\AppData\Local\HirezLauncherUI
2017-09-10 21:11 - 2017-09-10 20:42 - 000382504 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-09-10 21:10 - 2017-09-10 21:11 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2017-09-10 21:10 - 2017-09-10 21:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-10 21:10 - 2017-09-10 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-09-10 21:10 - 2017-09-10 21:10 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-10 20:42 - 2017-09-10 20:42 - 000000222 _____ C:\Users\shift\Desktop\Paladins.url
2017-09-10 18:41 - 2017-09-10 18:41 - 000006821 _____ C:\Users\shift\AppData\Local\recently-used.xbel
2017-09-10 18:04 - 2017-09-10 18:04 - 000090972 _____ C:\Users\shift\Downloads\delirium_2.zip
2017-09-10 17:36 - 2017-09-10 17:36 - 000020179 _____ C:\Users\shift\Downloads\mestizos_unidos.zip
2017-09-10 17:22 - 2017-09-10 17:22 - 000002531 _____ C:\Users\Public\Desktop\GimpShop.lnk
2017-09-10 17:22 - 2017-09-10 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GimpShop
2017-09-10 17:22 - 2017-09-10 17:22 - 000000000 ____D C:\Program Files (x86)\GimpShop
2017-09-10 17:20 - 2017-09-10 17:20 - 019756156 _____ (The qBittorrent project) C:\Users\shift\Downloads\qbittorrent_3.3.16_x64_setup.exe
2017-09-10 16:59 - 2017-09-10 16:59 - 000380276 _____ C:\Users\shift\Desktop\Untitled-1.ai
2017-09-10 13:28 - 2017-09-13 19:10 - 000000034 _____ C:\Users\shift\AppData\Roaming\AdobeWLCMCache.dat
2017-09-10 13:28 - 2017-09-13 19:07 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-09-10 13:28 - 2017-09-10 13:28 - 000003648 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-shiftsmg@gmail.com
2017-09-10 13:28 - 2017-09-10 13:28 - 000001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2017-09-10 13:28 - 2017-09-10 13:28 - 000000000 ____D C:\Users\shift\AppData\LocalLow\Adobe
2017-09-10 13:27 - 2017-09-13 19:05 - 000000000 ____D C:\Program Files\Adobe
2017-09-10 13:27 - 2017-09-10 13:27 - 000000000 ____D C:\ProgramData\ALM
2017-09-10 13:26 - 2017-09-13 19:06 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-09-10 13:26 - 2017-09-13 19:04 - 000001615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-09-10 13:26 - 2017-09-13 19:04 - 000001603 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-09-10 12:43 - 2017-09-10 13:13 - 000000000 ____D C:\Users\shift\AppData\Local\gtk-2.0
2017-09-10 11:37 - 2017-09-10 11:38 - 000000000 ____D C:\Users\shift\OneDrive\Documents\MusicBot
2017-09-10 11:37 - 2017-07-15 20:26 - 080220513 _____ C:\Users\shift\OneDrive\Documents\MusicBot.rar
2017-09-10 11:29 - 2017-09-10 11:29 - 000000000 ____D C:\Users\shift\.thumbnails
2017-09-10 11:20 - 2017-09-10 11:20 - 000001003 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-09-10 11:20 - 2017-09-10 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-09-10 11:20 - 2017-09-10 11:20 - 000000000 ____D C:\Program Files (x86)\epson
2017-09-10 11:20 - 2014-06-03 00:00 - 000472064 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2017-09-10 11:20 - 2012-05-17 00:00 - 000144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2017-09-10 11:19 - 2017-09-10 11:20 - 028172288 _____ C:\Users\shift\Downloads\epson513640eu.exe
2017-09-10 11:19 - 2017-09-10 11:19 - 000004142 _____ C:\WINDOWS\System32\Tasks\EPSON XP-332 335 Series Update {077D8912-7296-45FC-85B9-0FAF19D33BC6}
2017-09-10 11:19 - 2017-09-10 11:19 - 000000937 _____ C:\WINDOWS\Tasks\EPSON XP-332 335 Series Update {077D8912-7296-45FC-85B9-0FAF19D33BC6}.job
2017-09-10 11:19 - 2017-09-10 11:19 - 000000000 ____D C:\Program Files\Common Files\EPSON
2017-09-10 11:10 - 2017-09-10 11:19 - 000000000 ____D C:\ProgramData\EPSON
2017-09-10 11:10 - 2014-03-05 04:06 - 000180224 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMBPEE.DLL
2017-09-10 11:10 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BPEE.DLL
2017-09-10 11:09 - 2017-09-10 11:09 - 031264768 _____ C:\Users\shift\Downloads\epson513639eu.exe
2017-09-10 10:52 - 2017-09-10 19:27 - 000000000 ____D C:\Users\shift\.gimp-2.8
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\Users\shift\AppData\Local\gegl-0.2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\Users\shift\AppData\Local\fontconfig
2017-09-10 10:42 - 2017-09-10 10:42 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-09-10 10:42 - 2017-09-10 10:42 - 000000927 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2017-09-10 10:42 - 2017-09-10 10:42 - 000000000 ____D C:\Program Files\GIMP 2
2017-09-09 09:47 - 2017-09-09 09:48 - 000000000 ____D C:\Users\shift\Desktop\New folder (2)
2017-09-09 09:42 - 2017-09-09 09:42 - 089579672 _____ (The GIMP Team ) C:\Users\shift\Downloads\gimp-2.8.22-setup.exe
2017-09-09 09:39 - 2017-09-09 09:39 - 002135104 _____ ( ) C:\Users\shift\Downloads\Gimpshop (1).exe
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Users\shift\AppData\Local\{01A537F9-250D-5B41-4895-7EA96CFD8231}
2017-09-09 09:38 - 2017-09-09 09:38 - 002135104 _____ ( ) C:\Users\shift\Downloads\Gimpshop.exe
2017-09-08 20:47 - 2017-09-08 20:47 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-08 20:47 - 2017-09-08 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-06 12:29 - 2017-09-06 12:29 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-06 12:29 - 2017-09-06 12:29 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-06 02:17 - 2017-09-06 02:18 - 108341282 _____ C:\Users\shift\Downloads\obs-browser-1.29.zip
2017-09-06 02:16 - 2017-09-06 02:17 - 090894256 _____ C:\Users\shift\Downloads\OBS-Studio-0.14.1-With-Browser-Installer (1).exe
2017-09-06 02:16 - 2017-09-06 02:16 - 000000000 ____D C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-09-06 02:14 - 2017-09-06 02:15 - 090894256 _____ C:\Users\shift\Downloads\OBS-Studio-0.14.1-With-Browser-Installer.exe
2017-09-06 02:07 - 2017-09-06 02:18 - 000000000 ____D C:\Users\shift\AppData\Roaming\streamlabels
2017-09-06 02:07 - 2017-09-06 02:16 - 000000000 ____D C:\Users\shift\Desktop\Streamtext
2017-09-06 02:07 - 2017-09-06 02:07 - 000002383 _____ C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2017-09-06 02:07 - 2017-09-06 02:07 - 000002375 _____ C:\Users\shift\Desktop\StreamLabels.lnk
2017-09-06 02:07 - 2017-09-06 02:07 - 000000000 ____D C:\Users\shift\Downloads\obs-browser-darwinx64-cefx64-1.0-6-g5980e5a-installer
2017-09-06 02:06 - 2017-09-06 02:07 - 034390310 _____ C:\Users\shift\Downloads\obs-browser-darwinx64-cefx64-1.0-6-g5980e5a-installer.dmg
2017-09-06 02:06 - 2017-09-06 02:06 - 065359168 _____ (Streamlabs) C:\Users\shift\Downloads\streamlabels+setup.exe
2017-09-06 00:10 - 2017-09-06 01:48 - 000000000 ____D C:\Users\shift\AppData\Roaming\vlc
2017-09-04 02:55 - 2017-09-04 02:55 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-04 02:54 - 2017-09-04 02:54 - 004204032 _____ (crosire) C:\Users\shift\Downloads\ReShade_Setup_3.0.8 (1).exe
2017-09-04 02:48 - 2017-09-04 02:48 - 004204032 _____ (crosire) C:\Users\shift\Downloads\ReShade_Setup_3.0.8.exe
2017-09-01 00:35 - 2017-09-01 00:35 - 000000222 _____ C:\Users\shift\Desktop\H1Z1 King of the Kill.url
2017-08-31 21:40 - 2017-09-01 17:04 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-08-31 21:40 - 2017-08-31 22:51 - 000000000 ____D C:\Users\shift\OneDrive\Documents\Arma 3
2017-08-31 21:40 - 2017-08-31 22:51 - 000000000 ____D C:\Users\shift\AppData\Local\Arma 3 Launcher
2017-08-31 21:40 - 2017-08-31 21:41 - 000000000 ____D C:\Users\shift\AppData\Local\Arma 3
2017-08-31 21:40 - 2017-08-31 21:40 - 000000000 ____D C:\Users\shift\AppData\Local\Bohemia_Interactive
2017-08-31 21:40 - 2017-08-31 21:40 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2017-08-31 19:08 - 2017-08-31 19:08 - 000000222 _____ C:\Users\shift\Desktop\Arma 3.url
2017-08-30 07:06 - 2017-09-10 08:50 - 000000000 ____D C:\Users\shift\AppData\Local\Alt1Toolkit
2017-08-30 07:06 - 2017-08-30 07:06 - 041088000 _____ (RuneApps) C:\Users\shift\Downloads\Setup.exe
2017-08-30 07:06 - 2017-08-30 07:06 - 000002645 _____ C:\Users\shift\Desktop\Alt1 Toolkit.lnk
2017-08-30 07:06 - 2017-08-30 07:06 - 000000000 ____D C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps
2017-08-25 18:43 - 2017-08-25 18:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-25 18:43 - 2017-08-22 00:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-25 18:43 - 2017-06-15 21:32 - 000541984 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-25 18:43 - 2017-06-15 21:32 - 000525088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-25 18:43 - 2017-06-15 21:32 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-25 18:43 - 2017-06-15 21:32 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-25 18:41 - 2017-08-22 03:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001289840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-25 18:41 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-25 18:41 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-24 15:38 - 2017-09-06 01:43 - 000000000 ____D C:\Users\shift\AppData\Local\CrashDumps
2017-08-24 15:37 - 2017-08-24 15:37 - 000000000 ____D C:\Users\shift\AppData\Local\DBG
2017-08-15 22:27 - 2017-08-15 22:27 - 000003013 _____ C:\Users\shift\Downloads\19014_Riot Rainbows.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 02:12 - 2017-07-28 21:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-14 02:00 - 2017-07-28 21:47 - 000000000 ____D C:\Users\shift\AppData\Local\Adobe
2017-09-14 01:05 - 2017-07-28 23:11 - 000000000 ____D C:\Users\shift\BrawlhallaReplays
2017-09-14 00:49 - 2017-07-28 22:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-14 00:30 - 2017-07-28 22:04 - 000000000 ____D C:\Users\shift\AppData\Roaming\Spotify
2017-09-13 21:43 - 2017-08-10 17:30 - 000000000 ____D C:\Users\shift\AppData\Roaming\obs-studio
2017-09-13 21:42 - 2017-08-13 00:08 - 000000000 ____D C:\Users\shift\AppData\Roaming\TS3Client
2017-09-13 21:41 - 2017-07-28 21:38 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-13 19:09 - 2017-07-28 22:04 - 000000000 ____D C:\Users\shift\AppData\Local\Spotify
2017-09-13 19:07 - 2017-07-28 20:48 - 000000000 ____D C:\Users\shift\AppData\Roaming\Adobe
2017-09-13 19:05 - 2017-07-28 21:47 - 000000000 ____D C:\ProgramData\Adobe
2017-09-13 18:07 - 2017-07-28 21:38 - 000000000 ____D C:\Users\shift
2017-09-13 16:36 - 2017-07-29 00:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 16:35 - 2017-07-29 00:49 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 16:35 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 15:06 - 2017-07-28 22:05 - 000000000 ___RD C:\Users\shift\Dropbox
2017-09-13 13:18 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-13 13:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-13 13:15 - 2017-07-28 20:50 - 000000000 ___RD C:\Users\shift\OneDrive
2017-09-13 00:00 - 2017-07-28 21:53 - 000000000 ____D C:\Users\shift\AppData\LocalLow\Mozilla
2017-09-12 21:37 - 2017-07-29 00:57 - 000000000 ____D C:\Users\shift\AppData\Local\Jagex
2017-09-12 21:37 - 2017-07-29 00:57 - 000000000 ____D C:\ProgramData\Jagex
2017-09-11 17:25 - 2017-08-04 11:56 - 000000000 ____D C:\Program Files\FACEIT AC
2017-09-11 17:24 - 2017-08-04 11:58 - 008724480 _____ C:\WINDOWS\system32\Drivers\FACEIT.sys
2017-09-10 22:51 - 2017-07-28 22:42 - 000000000 ____D C:\Users\shift\AppData\Roaming\steelseries-engine-3-client
2017-09-10 21:11 - 2017-08-06 04:38 - 000000000 ____D C:\Users\shift\OneDrive\Documents\My Games
2017-09-10 17:57 - 2017-07-29 02:07 - 000000000 ____D C:\Users\shift\AppData\Roaming\qBittorrent
2017-09-10 13:32 - 2017-07-28 22:00 - 000000000 ____D C:\Users\shift\AppData\Roaming\Notepad++
2017-09-10 11:22 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-08 20:47 - 2017-07-28 22:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-08 17:33 - 2017-07-28 21:45 - 001154806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-08 17:28 - 2017-07-28 21:48 - 000000000 ____D C:\Users\shift\AppData\Roaming\discord
2017-09-08 17:27 - 2017-07-29 02:44 - 000004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1501289067
2017-09-08 17:27 - 2017-07-29 02:44 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-09-08 17:27 - 2017-07-29 02:35 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 17:27 - 2017-07-28 21:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-08 17:27 - 2017-07-28 21:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-08 17:27 - 2017-07-28 21:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 22:16 - 2017-08-13 00:08 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-09-07 21:29 - 2017-07-28 21:41 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3566702826-3063218439-588629531-1001
2017-09-07 21:29 - 2017-07-28 20:50 - 000002363 _____ C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-05 23:27 - 2017-07-29 00:57 - 000000000 ____D C:\Users\shift\AppData\Roaming\NVIDIA
2017-09-04 22:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-04 02:55 - 2017-07-29 02:44 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-04 02:55 - 2017-07-29 02:42 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-04 02:55 - 2017-07-29 02:42 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-04 02:55 - 2017-07-29 02:41 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-04 02:55 - 2017-07-29 02:41 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-09-02 23:24 - 2017-07-28 23:33 - 000000000 ____D C:\Users\shift\AppData\Local\NVIDIA Corporation
2017-09-02 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 04:35 - 2017-07-28 21:38 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-01 04:34 - 2017-03-18 13:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-08-30 07:06 - 2017-07-28 21:48 - 000000000 ____D C:\Users\shift\AppData\Local\SquirrelTemp
2017-08-29 03:06 - 2017-08-10 17:57 - 000000000 ____D C:\Users\shift\AppData\Roaming\Twitch
2017-08-29 01:07 - 2017-07-28 20:48 - 000000000 ____D C:\Users\shift\AppData\Local\Packages
2017-08-28 21:28 - 2017-07-28 21:47 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 21:28 - 2017-07-28 21:47 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-25 18:44 - 2017-07-28 21:38 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-25 18:44 - 2017-07-28 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-25 15:08 - 2017-07-28 23:33 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 15:08 - 2017-07-28 23:33 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-25 15:08 - 2017-07-28 21:38 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-22 03:01 - 2017-07-28 23:33 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-22 03:01 - 2017-05-19 18:47 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-22 03:01 - 2017-05-19 18:47 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-22 03:01 - 2017-05-19 15:22 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-22 01:10 - 2017-07-28 21:38 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-22 01:10 - 2017-07-28 21:38 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-22 00:54 - 2017-07-28 21:38 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-19 09:10 - 2017-07-28 21:38 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-18 06:37 - 2017-07-28 23:33 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-18 06:37 - 2017-07-28 23:33 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-18 06:37 - 2017-07-28 23:33 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-18 06:37 - 2017-07-28 23:33 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-18 06:37 - 2017-07-28 23:33 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-18 06:36 - 2017-07-28 23:33 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-18 06:36 - 2017-07-28 23:33 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-18 00:16 - 2017-07-28 21:53 - 000000000 ____D C:\Users\shift\AppData\Local\Google
2017-08-17 18:26 - 2017-07-28 23:33 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-17 17:56 - 2017-08-04 11:55 - 000000000 ____D C:\Users\shift\AppData\Roaming\FACEIT
2017-08-15 13:29 - 2017-06-30 21:21 - 001804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-08-15 13:29 - 2017-06-30 21:21 - 000045936 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
 
==================== Files in the root of some directories =======
 
2017-09-10 13:28 - 2017-09-13 19:10 - 000000034 _____ () C:\Users\shift\AppData\Roaming\AdobeWLCMCache.dat
2017-09-10 18:41 - 2017-09-10 18:41 - 000006821 _____ () C:\Users\shift\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2017-09-09 09:39 - 2017-09-09 09:39 - 002135104 _____ (                                                            ) C:\Users\shift\AppData\Local\Temp\ICReinstall_Gimpshop.exe
2017-08-03 11:44 - 2017-08-10 00:21 - 000758288 _____ (NVIDIA Corporation) C:\Users\shift\AppData\Local\Temp\nvSCPAPI.dll
2017-08-03 11:44 - 2017-08-10 00:21 - 000873136 _____ (NVIDIA Corporation) C:\Users\shift\AppData\Local\Temp\nvSCPAPI64.dll
2017-08-14 20:44 - 2017-08-10 00:21 - 000390072 _____ (NVIDIA Corporation) C:\Users\shift\AppData\Local\Temp\nvStereoApiI.dll
2017-08-14 20:42 - 2017-08-10 00:21 - 000368576 _____ (NVIDIA Corporation) C:\Users\shift\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-13 00:14
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by shift (14-09-2017 02:16:47)
Running from C:\Users\shift\Downloads
Windows 10 Pro Version 1703 (X64) (2017-07-28 19:43:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3566702826-3063218439-588629531-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3566702826-3063218439-588629531-503 - Limited - Disabled)
Guest (S-1-5-21-3566702826-3063218439-588629531-501 - Limited - Disabled)
shift (S-1-5-21-3566702826-3063218439-588629531-1001 - Administrator - Enabled) => C:\Users\shift
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Alt1 Toolkit (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Alt1Toolkit) (Version: 1.4.5 - RuneApps)
Alt1 Toolkit (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Alt1Toolkit) (Version: 1.4.5 - RuneApps)
Alt1 Toolkit (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Alt1Toolkit) (Version: 1.4.5 - RuneApps)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
APOInstallerMSISetup (HKLM\...\{BA0ED0D9-A18E-4722-9351-799A04EF64C5}) (Version: 1.0.7 - Nahimic) Hidden
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{2EDC8C4A-A125-4D46-81E8-782B9A94B0C9}) (Version: 1.0.701 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
cFosSpeed v10.21 (HKLM\...\cFosSpeed) (Version: 10.21 - cFos Software GmbH, Bonn)
Core Temp 1.9 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.9 - ALCPU)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z MSI 1.79.1 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.79.1 - CPUID, Inc.)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EndpointMonitoringMSISetup (HKLM\...\{0503C5BC-407F-4CD5-8BBB-7DEDB0B7E52C}) (Version: 1.0.701 - Nahimic) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-332 335 Series Printer Uninstall (HKLM\...\EPSON XP-332 335 Series) (Version:  - Seiko Epson Corporation)
f.lux (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Flux) (Version:  - f.lux Software LLC)
FACEIT 0.7.0 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\1b460c18-2611-5297-a1a8-4f35160a268c) (Version: 0.7.0 - FACEIT Ltd.)
FACEIT 0.7.0 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\1b460c18-2611-5297-a1a8-4f35160a268c) (Version: 0.7.0 - FACEIT Ltd.)
FACEIT 0.7.0 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\1b460c18-2611-5297-a1a8-4f35160a268c) (Version: 0.7.0 - FACEIT Ltd.)
FACEIT AC version 1.0 (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 1.0 - FACEIT LTD)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Chrome (HKLM\...\{4FC9E77C-E167-397D-9177-17413300902A}) (Version: 60.0.3112.113 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.108 - Logitech Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft OneDrive (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0a1 - Mozilla)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
MSI Gaming Lan Manager (HKLM-x32\...\{3318282C-D4D6-4B29-BBD5-95FC34B54FF0}_is1) (Version: 1.0.0.43 - MSI)
MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.18 - MSI)
Nahimic VR (HKLM-x32\...\{cb762380-efd6-408a-9f90-0c66625b1799}) (Version: 1.0.7 - Nahimic)
NineEarsSettingsConfigurator (HKLM\...\{1CC2FA3D-7EF1-4A00-BB3E-B25D07AA9A44}) (Version: 1.0.701 - Nahimic) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 2016  KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016  KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlanetSide 2 (HKLM\...\Steam App 218230) (Version:  - Daybreak Game Company)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
ProductDaemonSetup (HKLM\...\{B7C3A849-F487-4239-9CC4-92EFA7E094AD}) (Version: 1.0.701 - Nahimic) Hidden
Python 3.5.0 (64-bit) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Core Interpreter (64-bit) (HKLM\...\{9D059C5B-80A5-46AA-BC8A-FD41E89D0A49}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (64-bit) (HKLM\...\{6EA6724A-71C6-43EE-BE9F-80E3C0DC8A4F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (64-bit) (HKLM\...\{3B016F3B-917E-477F-920A-BBBA12E09F8B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (64-bit) (HKLM\...\{9C67D7CC-26D3-4535-9D0A-F4591AD9B11F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{A095BD6B-4F39-46A4-9AA1-8F7296492974}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (64-bit) (HKLM\...\{6ADAF31E-EEE6-4251-BE5A-EFD7868D3930}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (64-bit) (HKLM\...\{5741118B-D61A-4F27-BB80-0CAED22FE20B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (64-bit) (HKLM\...\{47483182-8783-45CB-9120-77FDB241E2FF}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (64-bit) (HKLM\...\{B2AB1292-01D1-4972-BF56-43531A2AA3BA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (64-bit) (HKLM\...\{2B5129D0-C4C1-4322-8888-D0B6CDA6DCD2}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
qBittorrent 3.3.14 (HKLM-x32\...\qBittorrent) (Version: 3.3.14 - The qBittorrent project)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Spotify (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Spotify (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
Spotify (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
SSAudioDaemonMSISetup (HKLM\...\{AA2D2D37-8929-4788-9F30-7F3D3C482818}) (Version: 1.0.7 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.1 - SteelSeries ApS)
StreamLabels 0.2.5 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.5 - Streamlabs)
StreamLabels 0.2.5 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.5 - Streamlabs)
StreamLabels 0.2.5 (only current user) (HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.5 - Streamlabs)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.5 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
The Elder Scrolls Online: Tamriel Unlimited (HKLM\...\Steam App 306130) (Version:  - Zenimax Online Studios)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version:  - Iron Lore Entertainment)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1649A02D-F067-40F1-B9BC-9709999302B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-28] (Dropbox, Inc.)
Task: {29B16AB3-7F64-4854-A7D1-132A658282D8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {2B340147-1B50-4343-8134-1332542542E5} - System32\Tasks\SafeZone scheduled Autoupdate 1501289067 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {386731C3-827E-4E0D-94C9-09C3B5A33E6F} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [2017-04-04] (A-Volute)
Task: {39325C96-C032-4123-93C0-A5AB4A8FEE65} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {3CCE4988-31F6-4FB0-BB7D-7EDDE43C3DB4} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "hxxp://sh.st/AeotZ" <==== ATTENTION
Task: {4F830869-EDE7-4DC0-8D74-ED7CAE715F45} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {57EF0077-2FA7-44EB-8FE0-A06B193DA468} - System32\Tasks\EPSON XP-332 335 Series Update {077D8912-7296-45FC-85B9-0FAF19D33BC6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {752C9FD7-BA8C-4D16-8447-E46DEC7A3B64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-28] (Google Inc.)
Task: {7B2512A4-7876-4D43-BA8C-6964D937EEE0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {7D892686-CBF7-4D31-9363-1E4D604453B1} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {7F33EE0A-781A-4996-BDE3-DC99058BD7C6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-04] (AVAST Software)
Task: {8F526C2E-1AF4-4354-840F-BE562989F2EF} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-shiftsmg@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {92E74ECE-DFB3-49C6-8866-9453A22521DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {987D6A49-42CB-4077-BE5B-C21B02E9DDEB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-28] (Dropbox, Inc.)
Task: {A3B1DC40-3422-434A-A91A-F0E9E4D9C2F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-28] (Google Inc.)
Task: {BB7DFBF1-52EE-4E1B-AB3F-51DF0C0A012F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {BD2370F7-7D2B-4D0E-BDC5-19E7215F775C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {C7C749C4-7C92-4AE1-82F8-2518A1A05AE5} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [2017-04-04] (A-Volute)
Task: {D08508A3-A65E-4C79-B098-0E417C408325} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {D262A9AD-2B7E-46E6-BFA0-D70E52EDAC23} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {DBFFCC59-7018-4CF9-85B7-59AF28834781} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {DE831FC9-415B-4D49-A408-93D6DF8F16D2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {EA1FC178-BB9D-4B7C-AC6E-A8A0124874AD} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-332 335 Series Update {077D8912-7296-45FC-85B9-0FAF19D33BC6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPEE.EXE:/EXE:{077D8912-7296-45FC-85B9-0FAF19D33BC6} /F:UpdateWORKGROUP\EMILS-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - AfkWarden.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/afkscape/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Clue solver.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/clue/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - ColorGrabber.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/colorgrabber/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - D&D Notifications.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/notifications/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - DgKey.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/dgkey/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Droplogger.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/droplogger/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Farming Timer.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/farmtimer/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Fish Flingers.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/fishflingers/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Meg answers.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/meg/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Notepad.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/notepad/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - RS Wiki.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/object/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Stats.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/stats/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Stopwatch.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/timer/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Twitch.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/twitch/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - World map.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/map/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - XpMeter.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/xpmeter/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Youtube.lnk -> C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/youtube/appconfig.json
ShortcutWithArgument: C:\Users\shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-28 23:33 - 2017-08-18 06:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-28 21:38 - 2017-08-22 01:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-28 22:29 - 2016-06-14 17:35 - 000187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-24 03:04 - 2017-08-24 03:05 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-24 03:04 - 2017-08-24 03:05 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-24 03:04 - 2017-08-24 03:05 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-24 03:04 - 2017-08-24 03:05 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-07-11 00:35 - 2017-07-11 00:35 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-07-11 00:35 - 2017-07-11 00:35 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-09-01 14:31 - 2017-09-01 14:31 - 004345856 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.2271.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-08-29 21:25 - 2017-08-29 21:25 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.2271.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-08-28 21:28 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 21:28 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-12 11:06 - 2017-09-12 11:06 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-12 11:06 - 2017-09-12 11:06 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-18 15:00 - 2017-08-18 15:00 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-18 15:00 - 2017-08-18 15:00 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-12 11:06 - 2017-09-12 11:06 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-18 15:00 - 2017-08-18 15:00 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-12 11:06 - 2017-09-12 11:06 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-07-28 21:26 - 2017-07-28 21:26 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-28 21:28 - 2017-07-28 21:28 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-18 15:00 - 2017-08-18 15:00 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-18 22:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-28 22:30 - 2016-04-20 15:12 - 000772608 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2017-07-28 22:29 - 2016-06-14 17:35 - 000163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-29 02:41 - 2017-07-29 02:41 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-04 02:55 - 2017-09-04 02:55 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-09 14:40 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\shift\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-09 14:40 - 2017-08-09 14:40 - 001577976 _____ () \\?\C:\Users\shift\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-09 14:40 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\shift\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 14:40 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\shift\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-09 14:40 - 2017-08-31 14:13 - 009622008 _____ () \\?\C:\Users\shift\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-09 14:40 - 2017-08-09 14:40 - 001440248 _____ () \\?\C:\Users\shift\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-13 13:15 - 2017-09-13 13:15 - 000148992 _____ () \\?\C:\Users\shift\AppData\Local\Temp\C973.tmp.node
2017-08-09 14:40 - 2017-08-09 14:40 - 002658296 _____ () \\?\C:\Users\shift\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-09 14:40 - 2017-08-09 14:40 - 002673656 _____ () \\?\C:\Users\shift\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-07-28 22:01 - 2017-08-04 23:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-07-28 22:01 - 2016-09-01 03:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-07-28 22:01 - 2017-09-07 06:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-07-28 22:01 - 2016-09-01 03:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-07-28 22:01 - 2016-09-01 03:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-07-28 22:01 - 2016-01-27 09:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-07-28 22:01 - 2016-01-27 09:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-07-28 22:01 - 2016-01-27 09:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-07-28 22:01 - 2016-01-27 09:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-07-28 22:01 - 2016-01-27 09:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-07-28 22:01 - 2017-09-07 06:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-07-28 22:01 - 2016-07-05 00:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-28 22:02 - 2017-07-18 00:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-28 22:02 - 2017-05-17 03:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-07-28 22:01 - 2015-09-25 01:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-28 22:04 - 2017-09-12 11:05 - 071818864 _____ () C:\Users\shift\AppData\Roaming\Spotify\libcef.dll
2017-07-28 23:44 - 2017-09-13 13:15 - 000163840 _____ () C:\Users\shift\AppData\Roaming\vibranceGUI\vibranceDLL.dll
2017-07-28 22:04 - 2017-09-12 11:05 - 002969200 _____ () C:\Users\shift\AppData\Roaming\Spotify\libglesv2.dll
2017-07-28 22:04 - 2017-09-12 11:05 - 000086640 _____ () C:\Users\shift\AppData\Roaming\Spotify\libegl.dll
2017-09-08 20:47 - 2017-09-06 12:29 - 000771392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-08 20:47 - 2017-09-06 12:29 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-07-28 22:04 - 2017-09-06 12:29 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-08 20:47 - 2017-09-06 12:31 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-08 20:47 - 2017-09-06 12:31 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-08 20:47 - 2017-09-06 12:31 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-28 22:04 - 2017-09-06 12:29 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-28 22:04 - 2017-09-06 12:34 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-08 20:47 - 2017-09-06 12:31 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 20:47 - 2017-09-06 12:35 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-08 20:47 - 2017-09-06 12:31 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-28 22:04 - 2017-09-06 12:29 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-07-28 22:04 - 2017-09-06 12:35 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-08 20:47 - 2017-09-06 12:31 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-08 20:47 - 2017-09-06 12:29 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-08 20:47 - 2017-09-06 12:31 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-28 22:04 - 2017-09-06 12:34 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-09-08 20:47 - 2017-09-06 12:32 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-07-28 22:04 - 2017-09-06 12:35 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-07-28 22:04 - 2017-09-06 12:34 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-08 20:47 - 2017-09-06 12:32 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-07-28 23:33 - 2017-08-18 06:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\shift\Desktop\wildfirewhiteback.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\shift\OneDrive\Documents\MusicBot.rar:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2017-09-13 19:09 - 000001027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320742\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324321\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320805\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324399\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shift\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a5d393ce-1595-42bc-8946-19357a197936}.png
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Control Panel\Desktop\\Wallpaper -> C:\Users\shift\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a5d393ce-1595-42bc-8946-19357a197936}.png
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Control Panel\Desktop\\Wallpaper -> C:\Users\shift\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a5d393ce-1595-42bc-8946-19357a197936}.png
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run32: => "MSI Gaming Lan Manager"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001\...\StartupApproved\Run: => "RuneApps Alt1"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\...\StartupApproved\Run: => "RuneApps Alt1"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\...\StartupApproved\Run: => "RuneApps Alt1"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EDD161A2-EAC2-4484-9E94-F5D41BD0AAD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{964C9EFB-D146-4029-9A9D-5136CC46E171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1ED02A0A-A3D4-4CA8-80FC-9B7878AA944F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DB706100-79CA-457D-BDDD-B3D01920901E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CA426738-D493-4B32-9D02-F7AEA736FB8C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{E668D7A0-838E-4B13-A005-98C935445916}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{20DB78CD-49DF-445F-8689-D698FB0ECAC4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A72D189B-66C8-4760-87F3-DF6B6D600AA1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{23158B7E-04CE-438E-8E3C-D7D09AD5CDEE}C:\users\shift\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shift\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8289CAB4-D31E-4420-B953-9A0F66E2229E}C:\users\shift\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shift\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8BF2E7A1-D406-44D1-8A4B-6C62F2246BA1}] => (Allow) LPort=26789
FirewallRules: [{6D23314D-B502-46BE-A307-38A5D6308875}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D5BCA092-56BD-4092-9CCA-39F4BF10828F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{4D8C9A6F-F16E-4C83-AE40-932906591DF8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{1F44704A-D961-44F2-945E-BA4EEBBEBE88}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B95BBA49-12D2-4F1E-915B-B6037DB55119}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2DFB1FAA-C249-4D41-8A3C-9E5700CB3842}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0EC5FB47-E15A-4B7C-93F4-79E9EB5E2BEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41D9049D-A8FC-4600-8134-CDF26CE77D46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E9D63F38-8ED3-4EF0-B7EE-6A30166AE838}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{F060D701-73AF-4660-8B89-2FB3ABE14695}] => (Allow) D:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{23C63175-9372-4427-9625-1F74BF537EC6}] => (Allow) D:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{5F956BEE-31CD-4EE0-B89F-20DD1F293CA2}] => (Allow) D:\SteamLibrary\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{AFC73D58-D04D-493C-94B5-7D8916C40DC5}] => (Allow) D:\SteamLibrary\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{D77754BE-5015-4614-9984-E03DB4517C09}] => (Allow) D:\SteamLibrary\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{066BBB3E-3F2D-4996-BE69-B58325EAE6DC}] => (Allow) D:\SteamLibrary\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{C8070B80-D106-42C0-88AB-5377DA7D28CB}] => (Allow) D:\SteamLibrary\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{6DF8BB8C-BEA9-44FA-A6BD-125209B0CBFD}] => (Allow) D:\SteamLibrary\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{109B0308-37A7-45F1-92A3-D61223FBA173}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{B946D565-2373-4731-8B7D-1788CF1C38B5}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{844EB6EA-2427-4E99-9805-6808B6ADE2B0}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{E951E88E-597D-4F0C-9B3E-7F945561B1A1}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{14EE33E7-7B23-4C84-A44B-1DB188021FDE}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{A578976B-315C-49D9-8047-701CB65643FD}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{6A119253-29C3-41F6-BEBC-258745DA6ABD}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{55404700-9C2D-4D22-8D45-5C70C6026997}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{11C5161B-5F1C-4325-98BB-16A1AFBE87A5}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{D58F37C9-118B-4C2E-B218-83BAD83E98E9}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{8F4926C3-C01D-41DB-A7EF-7DF7B69687C2}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{44468B5A-679A-490E-BB9D-0CCC91DAD871}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{BBCC88AD-BB41-432D-8A55-8A59768E003D}] => (Allow) D:\SteamLibrary\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{AD51BDD9-8B59-4FC4-B269-8FC33B99C11A}] => (Allow) D:\SteamLibrary\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{80A797B3-6F9E-4702-B0A3-1EA2EEE5B498}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{01B1991E-8A0F-4ED1-9E1F-1C8F1E79CEF2}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{E8005A65-C5E7-4E23-B10D-89BB83A97EA1}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{05FB76A8-12B7-4A14-A51C-801D66F9C595}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [TCP Query User{078CD317-B0FA-4C14-9EA8-A780FBD22B90}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2F2E91F1-B706-4AA3-92B2-7AAECBCE5156}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{2C98877D-C397-48C0-A762-8D3CB5DF5576}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{F5FE3B0D-8941-46AC-BE67-EC8487D8D425}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C313564-A4BF-41E3-9C12-8247C86FE1C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{96AF1362-A2CC-4CB6-95E5-2C7F4F47BF16}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{ADF7E270-BCC0-40B4-9C4E-6D2BB10F5290}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{8DEDDF65-3053-4E14-97AF-62397B2CA7AD}] => (Allow) D:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{F31DBA24-FC41-4C57-8C56-C31A9AFA78A0}] => (Allow) D:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{7AB8F830-0E45-4E19-8173-C05B4E76AF50}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{6FAEE0A1-F089-487F-B56E-4EB1AF4EA5F1}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{1F685421-7600-483C-9581-28E0D4F6A301}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{0E27DFAF-B380-4FD0-B57E-63C4BDEC17F7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{C040CA7C-CC75-4A88-8A6C-6C566BF5A964}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{CC240C04-F201-4EFB-B506-6A21B6EAAA54}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D18FA992-7091-47FA-B361-9E5B2B1F1838}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{05C53971-F6D4-47D8-B50E-63C5F18D3664}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C02E73EF-3140-4E5A-837E-A12C3CE479AD}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B52DB1D1-EBC8-4D22-857F-1A5D261D7526}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{50540DCC-7EAB-471A-91E0-4DDB687EE26D}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{D22A88CB-D3FC-4CF1-A0A8-A6CEF6B644EE}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
 
==================== Restore Points =========================
 
28-08-2017 01:57:01 Installed DirectX
05-09-2017 21:43:47 Scheduled Checkpoint
10-09-2017 13:26:56 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
10-09-2017 13:27:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
13-09-2017 16:33:44 Windows Update
13-09-2017 16:33:58 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2017 07:09:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/13/2017 07:07:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/13/2017 01:18:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/13/2017 01:15:17 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/12/2017 11:06:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/12/2017 11:04:46 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/11/2017 09:33:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/11/2017 09:30:36 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/10/2017 09:11:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (09/10/2017 05:03:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
 
System errors:
=============
Error: (09/08/2017 05:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/08/2017 05:27:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 06:33:33 on ‎08/‎09/‎2017 was unexpected.
 
Error: (09/08/2017 05:12:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/08/2017 05:12:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (09/03/2017 06:40:18 AM) (Source: DCOM) (EventID: 10010) (User: EMILS-PC)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
Error: (09/01/2017 05:04:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (09/01/2017 04:35:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (08/31/2017 09:40:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/30/2017 05:44:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/30/2017 05:44:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-25 16:13:07.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-25 16:13:07.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-24 15:14:35.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-24 15:14:04.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-24 15:14:04.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-15 22:38:18.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-15 22:38:18.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-10 17:29:03.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-10 17:29:03.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-10 17:28:31.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRDevProps.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 5 1600 Six-Core Processor 
Percentage of memory in use: 35%
Total physical RAM: 16336.36 MB
Available physical RAM: 10465.87 MB
Total Virtual: 19640.59 MB
Available Virtual: 10131.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.49 GB) (Free:134.58 GB) NTFS
Drive d: () (Fixed) (Total:1863.02 GB) (Free:1548.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 713A097F)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:18 PM

Posted 13 September 2017 - 07:45 PM

Hi Wildfiregg :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions below.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Wildfiregg

Wildfiregg
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 13 September 2017 - 09:17 PM

Thanks Aura!

By looking at the threats it found, I suppose a malware called FASTDATAX set up a schedule for the website popup, might be one of the other entries though. I removed all the threats except for Alt1 entries, because they're harmless and I use the application that made them.


Here's the log:

 

RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : shift [Administrator]
Started from : C:\Users\shift\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 09/14/2017 03:55:24 (Duration : 00:18:01)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 24 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\csastats -> Deleted
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\FastDataX -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\csastats -> Deleted
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\FastDataX -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\ProductSetup -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\csastats -> Not selected
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\FastDataX -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\csastats -> Deleted
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\FastDataX -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\ProductSetup -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\csastats -> Not selected
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\FastDataX -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\csastats -> Deleted
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\FastDataX -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\ProductSetup -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110320883\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3566702826-3063218439-588629531-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122017110324477\Software\Microsoft\Windows\CurrentVersion\Run | RuneApps Alt1 : "C:\Users\shift\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe" [-] -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \SVC Update -- C:\WINDOWS\explorer.exe ("http://sh.st/AeotZ") -> Deleted
 
¤¤¤ Files : 2 ¤¤¤
[Adw.AdService][Folder] C:\Users\shift\AppData\Local\AdService -> Deleted
[PUP.Gen0][File] C:\Users\shift\AppData\Roaming\Mozilla\Firefox\Profiles\m91rjjdu.default\searchplugins\yahoo! powered.xml -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 5a5eaf3c71ed1c5bd813a53cfa379ed7
[BSP] ee71129fb318575aa541c31469efbb52 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 1907728 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 960 EVO 250GB +++++
--- User ---
[MBR] 61767e74a4e279debf19ba7525f8ca37
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 237050 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 486639616 | Size: 857 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

Edited by Wildfiregg, 13 September 2017 - 09:19 PM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:18 PM

Posted 14 September 2017 - 07:13 AM

Actually, this was the culprit:
[Hj.Shortcut] \SVC Update -- C:\WINDOWS\explorer.exe ("http://sh.st/AeotZ") -> Deleted
Though it could have been created by the FastDataX Adware, true :)

Now, can you monitor the situation for 24-48 hours and let me know if the pop-up comes back?


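As an added example that is not part of the thread and not RogueKiller's own code: a PowerShell audit for the pattern behind the [Hj.Shortcut] entry above, a scheduled task whose action launches explorer.exe (or a browser) with a URL as its argument, so the default browser opens a page on a timer. Only the task name "SVC Update" and the sh.st URL come from the thread; the launcher list, the function name and the remediation line are assumptions made here.

```powershell
# Added example, not code from the thread or from RogueKiller: audit every
# scheduled task for an exec action that hands a URL to explorer.exe or to a
# browser, which is what the [Hj.Shortcut] "SVC Update" entry above did
# (explorer.exe "http://sh.st/AeotZ" on a daily trigger).
#
# Assumptions: Windows PowerShell 5.1 or later, run from an elevated prompt so
# tasks in every folder are visible. The launcher list, the function name and
# the remediation line are constructed here; only the task name and the sh.st
# URL come from the thread. Nothing is removed automatically.

# Programs that open a URL in the default browser when given one as an argument.
$launchers = @('explorer.exe', 'cmd.exe', 'rundll32.exe', 'powershell.exe',
               'wscript.exe', 'cscript.exe', 'mshta.exe', 'msedge.exe',
               'chrome.exe', 'firefox.exe', 'iexplore.exe')
$urlPattern = '(?i)(https?://|www\.)[^\s"'']+'

function Get-UrlLaunchingTask {
    [CmdletBinding()]
    param()
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only exec actions carry Execute/Arguments; COM handler actions do not.
            if (-not $action.Execute) { continue }
            $exe = [System.IO.Path]::GetFileName($action.Execute.Trim('"')).ToLowerInvariant()
            $arguments = [string]$action.Arguments
            if (($launchers -contains $exe) -and ($arguments -match $urlPattern)) {
                $info = $task | Get-ScheduledTaskInfo
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Author    = $task.Author
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $arguments
                    Url       = $Matches[0]
                    LastRun   = $info.LastRunTime
                    NextRun   = $info.NextRunTime
                    # A daily trigger with a fixed StartBoundary clock time is the
                    # "every day at the same hour" pattern described in the thread.
                    Triggers  = ($task.Triggers | ForEach-Object {
                                    '{0} from {1}' -f $_.CimClass.CimClassName, $_.StartBoundary
                                }) -join '; '
                }
            }
        }
    }
}

# Review the findings first; soonest next run at the top.
Get-UrlLaunchingTask | Sort-Object NextRun | Format-List

# Remediation, only for a task confirmed unwanted. For the one in this thread:
#   Unregister-ScheduledTask -TaskPath '\' -TaskName 'SVC Update' -Confirm:$false
```

A task that survives removal, or reappears after a reboot, points at a still-running installer such as the FastDataX adware the thread mentions, so re-run the audit after 24-48 hours as Aura asks.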

#5 Wildfiregg

Wildfiregg
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 14 September 2017 - 06:15 PM

> Actually, this was the culprit:
>
> [Hj.Shortcut] \SVC Update -- C:\WINDOWS\explorer.exe ("http://sh.st/AeotZ") -> Deleted
> Though it could have been created by the FastDataX Adware, true :)
>
> Now, can you monitor the situation for 24-48 hours and let me know if the pop-up comes back?

 

Well yeah, that's what I meant, anyway, thank you very much Aura! Seems to have fixed the issue for me. No performance issues, no random popups, everything working great.



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:18 PM

Posted 14 September 2017 - 06:19 PM

Awesome :)

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that make it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version and aren't listed here (such as Kaspersky and ESET Antivirus products).

Anti-Virus

Anti-Malware
  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30-day trial
  • Zemana AntiMalware - Free 30-day trial
Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall built on the Windows Firewall that gives you more control over it

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web browsers could be considered the closest door between malware and your system. This is where most malware goes through to infect a system, and therefore they should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system at the same time) against Exploit Kits, MiTM attacks, etc., and protect you as well. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly tell bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point-and-click, matrix-like extension that allows you to control the requests made on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure whether a website is legitimate, or whether a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security, to improve your current computer protection setup but also to improve your web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
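The post above asks the reader to confirm three things by hand: that Windows Updates are installed and set to install automatically, that the Windows Firewall is on, and that exactly one antivirus is installed and current. The following PowerShell audit is an added example, not part of the original post and not code from any of the products it lists; it only reads state and changes nothing. It assumes Windows 8.1/10 with the built-in NetSecurity module, reads the Windows Update policy from the documented `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU` key (absent on an unmanaged home PC), and uses the Defender cmdlets only if they are present; the 45-day staleness threshold is an assumed value chosen to catch a missed Patch Tuesday.

```powershell
# Added example: read-only audit of the protections recommended in the post above.
# Run from an elevated PowerShell prompt. Assumed environment: Windows 8.1/10 with
# the NetSecurity module; Defender cmdlets are optional and skipped when absent.

function Get-WindowsUpdateState {
    $svc    = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
                               -ErrorAction SilentlyContinue
    # Most recently installed update; Get-HotFix lists installed Windows updates with a date.
    $lastFix = Get-HotFix -ErrorAction SilentlyContinue |
               Where-Object { $_.InstalledOn } |
               Sort-Object InstalledOn -Descending |
               Select-Object -First 1
    [pscustomobject]@{
        ServiceStatus              = if ($svc) { $svc.Status }    else { 'missing' }
        ServiceStartType           = if ($svc) { $svc.StartType } else { 'missing' }
        # NoAutoUpdate = 1 means automatic updating has been switched off by policy.
        AutoUpdateDisabledByPolicy = [bool]($policy -and $policy.NoAutoUpdate -eq 1)
        # AUOptions 4 = download and install automatically; $null when no policy is set.
        AUOptions                  = if ($policy) { $policy.AUOptions } else { $null }
        LastUpdateInstalled        = if ($lastFix) { $lastFix.InstalledOn } else { $null }
        DaysSinceLastUpdate        = if ($lastFix) { [int]((Get-Date) - $lastFix.InstalledOn).TotalDays } else { $null }
    }
}

function Get-FirewallState {
    # One row per profile; Enabled should be True for Domain, Private and Public.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

function Get-RegisteredAntivirus {
    # Windows Security Center lists every registered AV product, third-party ones included.
    # More than one row here is exactly the "never more than one AV at a time" situation.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object displayName, productState, timestamp
}

function Get-DefenderState {
    # Only meaningful when Windows Defender is the active AV; cmdlet is absent otherwise.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        Get-MpComputerStatus |
            Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
                          AntivirusSignatureLastUpdated, AntivirusSignatureAge
    }
}

# ---- Report ----
'== Windows Update ==';                Get-WindowsUpdateState   | Format-List
'== Firewall profiles ==';             Get-FirewallState        | Format-Table -AutoSize
'== Registered antivirus products =='; Get-RegisteredAntivirus  | Format-Table -AutoSize
'== Windows Defender =='
$def = Get-DefenderState
if ($def) { $def | Format-List } else { 'Defender cmdlets not available (another AV is probably active).' }

# ---- Warnings for the checks the post asks for ----
$wu = Get-WindowsUpdateState
if ($wu.ServiceStartType -eq 'Disabled')  { Write-Warning 'The Windows Update service (wuauserv) is disabled.' }
if ($wu.AutoUpdateDisabledByPolicy)       { Write-Warning 'Automatic updates are disabled by policy (NoAutoUpdate = 1).' }
if ($null -eq $wu.DaysSinceLastUpdate)    { Write-Warning 'No installed update with a date was found.' }
elseif ($wu.DaysSinceLastUpdate -gt 45)   { Write-Warning "Last update was $($wu.DaysSinceLastUpdate) days ago; updates ship monthly." }

Get-FirewallState | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is disabled." }

$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) { Write-Warning 'No antivirus product is registered with Security Center.' }
if ($av.Count -gt 1) { Write-Warning "$($av.Count) antivirus products are registered; run only one real-time AV at a time." }
if ($def -and -not $def.RealTimeProtectionEnabled) { Write-Warning 'Defender real-time protection is off.' }
```

The `productState` column is a packed bit field whose layout Microsoft does not document, so the script reports it raw rather than guessing at "enabled" or "out of date"; for Defender the explicit `RealTimeProtectionEnabled` and `AntivirusSignatureAge` properties answer those questions directly, and for a third-party product its own console does.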


#7 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,594 posts
  • Gender:Male
  • Location:Quebec, Canada

Posted 16 September 2017 - 11:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





