Virus called "Whores" and "Stdafx" is ruining my computer Please help ASAP!


  • This topic is locked
23 replies to this topic

#1 morzer


Posted 17 December 2017 - 11:48 AM

Hey, for the past 2 months now my computer has been severely decreased in performance due to 2 pieces of malware. I have tried factory resetting my entire computer but it stops me from doing that. They're both called Stdafx and Whores. Yes... I'm not joking, it's called Whores. I found this out after a couple of days of researching, and I looked in Task Manager and these were the two programs that looked suspicious and that I've never heard of. I've also used pretty much EVERY anti-virus you can think of: Malwarebytes with RKill, Norton, Bitdefender (FULL VERSION), and they picked up some things at first. I quarantined and then deleted both, but I saw absolutely 0 increase in performance. Some of the symptoms that I have received are these:
 

Computer freezing completely with no response except active audio every 3 minutes lasting for about a minute 30 on average

Some games that I enjoy playing drop frames much more than usual

Browser taking 3x the amount of time to load than normal

And one thing that I don't think matters, but when I start up my computer it says "Press a button in the next 10 seconds to stop a drive repair". If I press it, it boots like normal (slower, of course), but if I don't, it takes about less than a second to "Scanning and repairing drive 1-02497-g89er[fsa1=3-0124124/:" or something like that. It just puts a bunch of random numbers next to it. This has just happened ever since the virus.

Browser cannot be changed back to Google; it changed it to Bing. So whenever I search in Google, it loads into Google for a split second and redirects me to a Bing search.

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by lilse (administrator) on DESKTOP-CVAKAP4 (17-12-2017 11:40:10)
Running from C:\Users\lilse\Downloads
Loaded Profiles: lilse (Available Profiles: lilse)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\lmmrpicsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHDCPSvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
() C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
(Microsoft Corporation) C:\Windows\System32\SensorDataService.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX\Tobii.EyeX.Engine.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX Interaction\Tobii.EyeX.Tray.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX Interaction\Tobii.EyeX.Interaction.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(A-Volute) C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe
() C:\Program Files (x86)\hofstra\aller.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
() C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe
() C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
() C:\Users\lilse\AppData\Local\upiabxt\upiabxt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
() C:\Users\lilse\AppData\Local\igfxmtc\igfxmtc.exe
(Bogdan Sharkov) C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\lilse\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13856 2017-03-21] (Alienware)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [942400 2012-04-18] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1241408 2012-04-11] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484280 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [AWSoundCenterUILauncher] => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [1230008 2017-03-10] (A-Volute)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-B2D537DF-A661-4AAF-82C6-81921211F422\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-B2D537D (the data entry has 44 more characters).
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3747256 2016-12-02] (Alienware Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [aller] => C:\Program Files (x86)\hofstra\aller.exe [73565 2017-11-19] ()
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [segundo] => "C:\Program Files (x86)\Malarious\whores.exe"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [Discord] => C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-11-19]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-10-08]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-04-26] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-04-26] ()
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Updater.lnk [2017-12-13]
ShortcutTarget: Registry Updater.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stdafx.lnk [2017-12-16]
ShortcutTarget: stdafx.lnk -> C:\Users\lilse\stdafx.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15e7d2d9-8d8b-4c06-810e-e73610e7eda0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> {8C97E51A-A357-4F25-98E9-22FF1002C0A1} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-15] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Slides) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-11]
CHR Extension: (YouTube) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (ForceCop Supreme Bot) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2017-12-12]
CHR Extension: (Sheets) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Gmail) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-06]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-12-11] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [14400 2017-05-01] (Alienware)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-18] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25312 2016-11-01] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-11-08] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2193088 2017-05-04] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1278584 2017-10-31] (Bitdefender)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-10-09] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [916096 2017-10-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-03-23] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265792 2017-05-18] (Synaptics Incorporated)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
R2 Tobii Service; C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe [198720 2017-07-12] (Tobii AB)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 2E57A2BD; C:\WINDOWS\System32\drivers\2E57A2BD.sys [255928 2017-12-16] (Malwarebytes)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-16] (Qualcomm)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164592 2017-04-17] (Qualcomm Atheros, Inc.)
S3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems GmbH)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [35216 2016-08-18] ()
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-31] ()
S1 fvrwjqov; C:\WINDOWS\system32\drivers\fvrwjqov.sys [72816 2017-11-19] (Microsoft Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 kiox_ff_driver; C:\WINDOWS\system32\DRIVERS\kiox_ff_driver.sys [50312 2016-09-21] (Kionix, Inc.)
R0 kxdiskprot; C:\WINDOWS\System32\DRIVERS\kxdiskprot.sys [38544 2016-06-13] (Kionix, Inc.)
R1 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-12-16] (Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_dc2fd992ace4d5f9\nvlddmkm.sys [17025992 2017-12-06] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-12-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [123624 2017-05-04] (Rivet Networks, LLC.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2016-12-21] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72256 2017-05-18] (Synaptics Incorporated)
S1 szhunaso; C:\WINDOWS\system32\drivers\szhunaso.sys [72816 2017-11-19] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
S4 SMR501; System32\drivers\SMR501.SYS [X]
R3 udiskMgr; system32\drivers\bfilos.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 11:39 - 2017-12-17 11:39 - 002392064 _____ (Farbar) C:\Users\lilse\Downloads\FRST64 (1).exe
2017-12-17 10:56 - 2017-12-17 10:56 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3B842B9F.sys
2017-12-17 03:09 - 2017-12-17 03:09 - 000140112 ____N C:\WINDOWS\system32\Drivers\iaioruyb.sys
2017-12-16 22:13 - 2017-12-16 22:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\235D333E.sys
2017-12-16 21:36 - 2017-12-16 21:36 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5F5C474A.sys
2017-12-16 20:31 - 2017-09-11 21:44 - 000037832 ____N (Intel Corporation ) C:\WINDOWS\system32\Drivers\iqvw64e.sys
2017-12-16 19:28 - 2017-12-16 19:28 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7F5E6524.sys
2017-12-16 15:19 - 2017-12-16 15:19 - 000056853 _____ C:\Users\lilse\Downloads\Addition.txt
2017-12-16 15:18 - 2017-12-17 11:40 - 000028078 _____ C:\Users\lilse\Downloads\FRST.txt
2017-12-16 15:17 - 2017-12-17 11:40 - 000000000 ___DC C:\FRST
2017-12-16 15:15 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-16 15:15 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-16 15:13 - 2017-12-16 15:13 - 002392576 _____ (Farbar) C:\Users\lilse\Downloads\FRST64.exe
2017-12-16 15:12 - 2017-12-16 15:12 - 014178840 _____ (Malwarebytes Corp.) C:\Users\lilse\Downloads\mbar-1.10.3.1001 (1).exe
2017-12-16 15:12 - 2017-12-16 15:12 - 008172032 _____ (Malwarebytes) C:\Users\lilse\Downloads\AdwCleaner (1).exe
2017-12-16 15:09 - 2017-12-16 15:09 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2ECB1F90.sys
2017-12-16 15:04 - 2017-12-17 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-16 15:04 - 2017-12-16 22:32 - 000000000 ____D C:\Users\lilse\Desktop\mbar
2017-12-16 15:04 - 2017-12-16 22:13 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-16 15:04 - 2017-12-16 15:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2E57A2BD.sys
2017-12-16 15:04 - 2017-12-16 15:04 - 014178840 _____ (Malwarebytes Corp.) C:\Users\lilse\Downloads\mbar-1.10.3.1001.exe
2017-12-16 15:03 - 2017-12-16 15:04 - 008172032 _____ (Malwarebytes) C:\Users\lilse\Downloads\AdwCleaner.exe
2017-12-16 11:53 - 2017-12-16 15:04 - 000000718 _____ C:\WINDOWS\ntbtlog.txt
2017-12-16 11:46 - 2017-12-16 11:46 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0FBA043B.sys
2017-12-16 11:46 - 2017-12-16 11:46 - 000000000 ____D C:\ProgramData\SMR501
2017-12-16 11:43 - 2017-12-16 11:50 - 000000000 ____D C:\Users\lilse\AppData\Local\NPE
2017-12-16 11:43 - 2017-12-16 11:43 - 003422944 _____ (Symantec Corporation) C:\Users\lilse\Downloads\NPE.exe
2017-12-16 11:43 - 2017-12-16 11:43 - 000000020 _____ C:\WINDOWS\system32\Drivers\SMR501.dat
2017-12-16 11:43 - 2017-12-16 11:43 - 000000000 ____D C:\ProgramData\Norton
2017-12-16 10:28 - 2017-12-16 10:28 - 000000000 ____D C:\Users\lilse\AppData\Roaming\NVIDIA
2017-12-15 20:47 - 2017-12-17 11:26 - 000000262 _____ C:\Users\lilse\Documents\ClownfishVoiceChanger.ini
2017-12-15 20:47 - 2017-12-15 20:47 - 000000000 ____D C:\Users\lilse\Documents\ClownfishSoundTemp
2017-12-15 20:46 - 2017-12-15 20:46 - 000576312 _____ (Shark Labs) C:\Users\lilse\Downloads\VoiceChanger64(0.68).exe
2017-12-15 20:46 - 2017-12-15 20:46 - 000002168 _____ C:\Users\Public\Desktop\ClownfishVoiceChanger.lnk
2017-12-15 20:46 - 2017-12-15 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger
2017-12-15 20:46 - 2017-12-15 20:46 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2017-12-15 19:45 - 2017-12-15 19:45 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0D2924AF.sys
2017-12-15 12:52 - 2017-12-15 12:52 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0364683E.sys
2017-12-15 12:44 - 2017-12-15 21:45 - 000000000 ____D C:\Users\lilse\AppData\Local\NVIDIA
2017-12-15 12:43 - 2017-12-15 12:43 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7B246133.sys
2017-12-15 12:42 - 2017-12-15 12:42 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-15 12:42 - 2017-12-15 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-15 12:42 - 2017-12-05 16:17 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-12-15 12:41 - 2017-12-17 10:56 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-15 12:41 - 2017-12-15 12:42 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-15 12:41 - 2017-12-15 12:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-15 12:41 - 2017-12-05 16:17 - 000532976 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-12-15 12:41 - 2017-12-05 16:17 - 000438584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-12-15 12:41 - 2017-12-05 16:17 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-15 12:41 - 2017-12-05 14:36 - 000137200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-15 12:41 - 2017-12-05 14:32 - 005966696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000607304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-15 12:41 - 2017-11-25 07:40 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-15 12:41 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-15 12:41 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-15 12:41 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-15 12:41 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-15 12:39 - 2017-12-05 16:17 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 035156368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 029379568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 013867840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 011782096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 003817400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001989944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438859.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438859.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001102368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001044664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000982888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000885496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000794576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000506680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-12-15 12:39 - 2017-12-05 16:17 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-12-15 12:39 - 2017-12-05 16:17 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-12-15 12:39 - 2017-12-05 16:17 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-12-15 12:39 - 2017-12-05 16:17 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-12-15 12:38 - 2017-12-15 12:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-15 12:36 - 2017-12-15 12:42 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-15 12:36 - 2017-12-15 12:36 - 000000000 ___DC C:\NVIDIA
2017-12-15 12:35 - 2017-12-15 12:35 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-12-15 12:35 - 2017-12-15 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-15 12:35 - 2017-12-15 12:35 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-15 12:34 - 2017-12-15 12:34 - 001852992 _____ (Oracle Corporation) C:\Users\lilse\Downloads\JavaSetup8u151.exe
2017-12-15 12:33 - 2017-12-15 12:35 - 461820848 _____ (NVIDIA Corporation) C:\Users\lilse\Downloads\388.59-desktop-win10-64bit-international-whql.exe
2017-12-15 12:32 - 2017-12-15 12:32 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4FED5937.sys
2017-12-15 12:27 - 2017-12-15 12:29 - 000000000 ____D C:\Users\lilse\Desktop\driver uninstall
2017-12-15 12:27 - 2017-12-15 12:27 - 001094931 _____ C:\Users\lilse\Downloads\[Guru3D.com]-DDU.zip
2017-12-15 11:19 - 2017-12-15 11:20 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-12-15 11:19 - 2017-12-15 11:19 - 030584520 _____ (Python Software Foundation) C:\Users\lilse\Downloads\python-3.6.3.exe
2017-12-15 11:19 - 2017-12-15 11:19 - 000000000 ____D C:\Users\lilse\AppData\Local\Package Cache
2017-12-15 11:14 - 2017-12-15 11:14 - 000001112 _____ C:\Users\lilse\Desktop\Notepad++.lnk
2017-12-15 11:14 - 2017-12-15 11:14 - 000000000 ____D C:\Users\lilse\AppData\Local\Notepad++
2017-12-15 11:14 - 2017-12-15 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-15 11:09 - 2017-12-15 11:09 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\lilse\Downloads\rkill64.exe
2017-12-15 11:06 - 2017-12-15 11:06 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\74D716F6.sys
2017-12-15 11:03 - 2017-12-16 22:13 - 000002090 _____ C:\Users\lilse\Desktop\Rkill.txt
2017-12-15 11:03 - 2017-12-15 11:03 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\lilse\Downloads\rkill.exe
2017-12-15 10:59 - 2017-12-15 10:59 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4C291220.sys
2017-12-15 10:54 - 2017-12-16 22:33 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-15 10:54 - 2017-12-16 15:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-15 10:54 - 2017-12-15 10:54 - 000001914 _____ C:\Users\lilse\Desktop\Malwarebytes.lnk
2017-12-15 10:54 - 2017-12-15 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-15 10:53 - 2017-12-15 10:53 - 064025992 _____ (Malwarebytes ) C:\Users\lilse\Downloads\mb3-setup-SEMFD.100SEM-3.1.2.1733-1.0.139-1.0.2060.exe
2017-12-14 17:27 - 2017-12-14 17:27 - 000000000 ____D C:\Program Files\Synaptics
2017-12-14 17:27 - 2017-05-18 02:55 - 000072256 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-12-14 16:30 - 2017-12-14 16:30 - 102779800 _____ (obsproject.com) C:\Users\lilse\Downloads\OBS-Studio-20.1.3-Full-Installer.exe
2017-12-14 10:38 - 2017-12-14 10:38 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2017-12-14 10:25 - 2017-12-14 10:26 - 032145408 _____ C:\Users\lilse\Downloads\EpicInstaller-6.10.0.msi
2017-12-13 14:43 - 2017-12-16 21:23 - 000000000 ____D C:\Users\lilse\AppData\Roaming\CC
2017-12-13 14:39 - 2017-12-13 14:39 - 000000585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rules of Survival.lnk
2017-12-13 14:39 - 2017-12-13 14:39 - 000000573 _____ C:\Users\Public\Desktop\Rules of Survival.lnk
2017-12-13 14:39 - 2017-12-13 14:39 - 000000016 _____ C:\ProgramData\mntemp
2017-12-13 14:39 - 2017-12-13 14:39 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Netease
2017-12-13 14:37 - 2017-12-16 21:21 - 000000000 ___DC C:\ros
2017-12-11 18:38 - 2017-12-11 18:38 - 000002239 _____ C:\Users\lilse\Desktop\Discord.lnk
2017-12-11 18:38 - 2017-12-11 18:38 - 000000000 ____D C:\Users\lilse\AppData\Local\Discord
2017-12-11 13:34 - 2017-12-11 13:34 - 000000000 ____D C:\Users\lilse\Desktop\gta
2017-12-11 11:34 - 2017-12-11 10:02 - 000382504 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-12-11 10:53 - 2017-12-12 10:11 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-11 10:53 - 2017-12-12 10:11 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-11 10:53 - 2017-12-11 10:53 - 000000000 ____D C:\Users\lilse\Documents\Rockstar Games
2017-12-11 10:53 - 2017-12-11 10:53 - 000000000 ____D C:\Users\lilse\AppData\Local\Rockstar Games
2017-12-11 10:02 - 2017-12-11 10:02 - 000000222 _____ C:\Users\lilse\Desktop\Dead by Daylight.url
2017-12-11 09:01 - 2017-12-11 09:01 - 000000219 _____ C:\Users\lilse\Desktop\Counter-Strike Global Offensive.url
2017-12-10 20:12 - 2017-12-14 10:37 - 000001238 _____ C:\Users\lilse\Desktop\List of missing assignments needed to do.txt
2017-12-10 19:13 - 2017-12-10 19:13 - 000000222 _____ C:\Users\lilse\Desktop\Grand Theft Auto V.url
2017-12-10 18:35 - 2017-12-10 18:35 - 000000000 ____D C:\Users\lilse\Desktop\ZenZai
2017-12-10 18:23 - 2017-12-10 18:23 - 000002495 _____ C:\Users\lilse\Desktop\Word 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002494 _____ C:\Users\lilse\Desktop\PowerPoint 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002458 _____ C:\Users\lilse\Desktop\Access 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002457 _____ C:\Users\lilse\Desktop\Excel 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002451 _____ C:\Users\lilse\Desktop\Outlook 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002445 _____ C:\Users\lilse\Desktop\Publisher 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002437 _____ C:\Users\lilse\Desktop\OneNote 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-10 18:17 - 2017-12-10 18:17 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-08 17:34 - 2017-12-14 16:31 - 000001281 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-12-08 17:33 - 2017-12-14 16:31 - 000000000 ____D C:\Program Files (x86)\obs-studio
2017-12-08 17:16 - 2017-12-12 16:30 - 000000132 _____ C:\Users\lilse\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-12-08 16:39 - 2017-12-10 18:36 - 000000000 ____D C:\Users\lilse\Desktop\Photoshop Social Media Icon Pack
2017-12-08 12:57 - 2017-12-08 17:59 - 000000000 ____D C:\Users\lilse\Documents\Nightbot
2017-12-08 12:57 - 2017-12-08 12:57 - 000002329 _____ C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightbot.lnk
2017-12-08 12:57 - 2017-12-08 12:57 - 000002321 _____ C:\Users\lilse\Desktop\Nightbot.lnk
2017-12-08 12:57 - 2017-12-08 12:57 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Nightbot
2017-12-07 18:22 - 2017-12-13 19:14 - 002514944 ____N C:\WINDOWS\Minidump\121317-25937-01.dmp
2017-12-07 16:14 - 2017-12-07 16:52 - 000000150 _____ C:\Users\lilse\Desktop\TWITCH ALTS.txt
2017-12-07 13:12 - 2017-12-07 13:12 - 000212454 _____ C:\ProgramData\cl.uninstall.1512670282.bdinstall.bin
2017-12-07 13:11 - 2017-12-07 13:11 - 000038190 _____ C:\ProgramData\dm.uninstall.1512670295.bdinstall.bin
2017-12-07 13:11 - 2017-12-07 13:11 - 000022555 _____ C:\ProgramData\agent.uninstall.1512670270.bdinstall.bin
2017-12-07 12:37 - 2017-12-07 12:37 - 000000220 _____ C:\Users\lilse\Desktop\Garry's Mod.url
2017-12-06 20:37 - 2017-12-06 20:38 - 000002621 _____ C:\Users\lilse\AppData\Local\AppVShNotifyt.txt
2017-12-06 20:31 - 2017-12-06 20:38 - 000001778 _____ C:\Users\lilse\AppData\Local\x
2017-12-06 20:31 - 2017-12-06 20:31 - 000002621 _____ C:\Users\lilse\AppData\Local\AppVShNotifytvbs.vbs
2017-12-06 20:31 - 2017-12-06 20:31 - 000001781 _____ C:\Users\lilse\AppData\Local\xx
2017-12-06 20:30 - 2017-12-06 20:38 - 000938008 _____ C:\Users\lilse\AppData\Local\WindowsCodecsRaw.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000041984 _____ C:\Users\lilse\AppData\Local\AppVShNotifyt-t.exe
2017-12-06 20:30 - 2017-12-06 20:38 - 000002584 _____ C:\Users\lilse\AppData\Local\AppVShNotifytvbs.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ C:\Users\lilse\AppData\Local\XXML.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ C:\Users\lilse\AppData\Local\XML.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000000029 _____ C:\Users\lilse\AppData\Local\MCconfig.dll
2017-12-06 18:26 - 2017-12-07 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2017-12-06 18:26 - 2017-12-07 12:58 - 000000000 ____D C:\Program Files\Elgato
2017-12-06 18:26 - 2017-12-06 18:35 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Elgato
2017-12-06 18:26 - 2017-12-06 18:26 - 000000000 ____D C:\Users\lilse\AppData\Local\Elgato
2017-12-06 10:49 - 2017-12-12 16:31 - 000000000 ____D C:\Users\lilse\Desktop\Streaming Stuff
2017-12-06 10:49 - 2017-12-06 10:49 - 000000000 ____D C:\Users\lilse\Desktop\Stream Alerts
2017-12-06 10:47 - 2017-12-06 10:48 - 000002393 _____ C:\Users\lilse\Desktop\Twitch Alerts.lnk
2017-12-06 10:47 - 2017-12-06 10:47 - 000002401 _____ C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2017-12-06 10:47 - 2017-12-06 10:47 - 000000000 ____D C:\Users\lilse\AppData\Roaming\streamlabels
2017-12-05 17:14 - 2017-12-15 12:37 - 000000000 ____D C:\Users\lilse\Desktop\Donation Follow Subscriber Gifs
2017-12-05 13:08 - 2017-12-05 13:08 - 000002221 _____ C:\Users\Public\Desktop\Streamlabs Chatbot.lnk
2017-12-05 13:08 - 2017-12-05 13:08 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Streamlabs
2017-12-05 13:08 - 2017-12-05 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\Roaming\.mono
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\LocalLow\Blizzard Entertainment
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\ProgramData\.mono
2017-12-04 18:52 - 2017-12-04 18:52 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\Users\lilse\AppData\Local\Blizzard Entertainment
2017-12-04 18:47 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\Local\Blizzard
2017-12-04 18:47 - 2017-12-04 18:47 - 000000000 ____D C:\ProgramData\Battle.net
2017-12-04 16:50 - 2017-12-16 16:30 - 000000000 ____D C:\Users\lilse\AppData\Roaming\obs-studio
2017-12-04 16:50 - 2017-12-04 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-11-30 20:05 - 2017-12-11 12:46 - 000000087 _____ C:\Users\lilse\Desktop\PC PARTS.txt
2017-11-30 04:50 - 2017-11-30 04:50 - 000000000 ____D C:\Users\lilse\AppData\Local\igfxmtc
2017-11-29 20:52 - 2017-11-29 20:52 - 000000000 ____D C:\WINDOWS\Panther
2017-11-26 20:25 - 2017-11-26 20:26 - 000000000 ____D C:\ProgramData\Epic
2017-11-26 20:25 - 2017-11-26 20:25 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-11-26 20:25 - 2017-11-26 20:25 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Users\lilse\AppData\Local\UnrealEngineLauncher
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Users\lilse\AppData\Local\EpicGamesLauncher
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-11-24 13:57 - 2017-12-13 19:14 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-23 14:32 - 2017-12-06 16:13 - 000000000 ____D C:\ProgramData\Adobe
2017-11-23 14:32 - 2017-11-28 17:21 - 000000000 ____D C:\Users\lilse\AppData\Local\Adobe
2017-11-23 14:18 - 2017-11-23 14:18 - 000000000 ____D C:\Users\lilse\Documents\VideoCopilot
2017-11-23 14:18 - 2017-11-23 14:18 - 000000000 ____D C:\ProgramData\VideoCopilot
2017-11-23 14:10 - 2017-12-08 13:39 - 000002503 _____ C:\Users\lilse\Desktop\Adobe Photoshop CS6.lnk
2017-11-23 14:10 - 2017-12-07 13:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-23 14:10 - 2017-11-28 17:21 - 000000000 ____D C:\Users\lilse\AppData\LocalLow\Adobe
2017-11-23 14:10 - 2017-11-23 14:10 - 000000040 ___HC C:\5DC9BB388E51
2017-11-19 20:26 - 2017-11-19 20:26 - 000000000 ____D C:\Users\lilse\AppData\Roaming\AnyDesk
2017-11-19 19:49 - 2017-12-15 21:45 - 000000000 ____D C:\Users\lilse\AppData\Roaming\.minecraft
2017-11-19 19:44 - 2017-11-19 19:44 - 000001032 _____ C:\Users\lilse\Desktop\Minecraft.lnk
2017-11-19 19:44 - 2017-11-19 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-11-19 17:54 - 2017-12-16 15:08 - 000000000 ___DC C:\AdwCleaner
2017-11-19 17:47 - 2017-11-19 17:47 - 000009080 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.47.04_log.txt
2017-11-19 17:45 - 2017-11-19 17:46 - 000217076 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.45.15_log.txt
2017-11-19 17:35 - 2017-05-31 11:09 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-19 17:34 - 2017-11-19 17:45 - 000000000 ___DC C:\TDSSKiller_Quarantine
2017-11-19 17:33 - 2017-11-19 17:35 - 000109692 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.33.58_log.txt
2017-11-19 17:14 - 2017-11-19 17:14 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-19 15:51 - 2017-11-19 15:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 15:20 - 2017-11-19 15:20 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Synaptics
2017-11-19 15:08 - 2017-11-19 15:08 - 000058993 _____ C:\ProgramData\dm.1511122109.bdinstall.bin
2017-11-19 15:08 - 2017-11-19 15:08 - 000027624 _____ C:\WINDOWS\system32\bddel.exe
2017-11-19 15:07 - 2017-11-19 15:07 - 000400984 _____ C:\ProgramData\cl.1511121925.bdinstall.bin
2017-11-19 15:07 - 2017-11-19 15:07 - 000076787 _____ C:\ProgramData\cl.kit.1511121915.bdinstall.bin
2017-11-19 15:07 - 2017-11-19 15:07 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\szhunaso.sys
2017-11-19 14:58 - 2017-11-19 14:58 - 000034491 _____ C:\ProgramData\agent.update.1511121516.bdinstall.bin
2017-11-19 14:57 - 2017-11-19 14:57 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvrwjqov.sys
2017-11-19 14:55 - 2017-11-21 22:29 - 000000000 ____D C:\Users\lilse\AppData\Local\consmxb
2017-11-19 14:52 - 2017-12-17 11:40 - 000000000 ____D C:\Users\lilse\AppData\Local\upiabxt
2017-11-19 14:52 - 2017-12-17 10:55 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\lmmrpicsvc.exe
2017-11-19 14:52 - 2017-11-19 14:58 - 000000000 ____D C:\Users\lilse\AppData\Local\agnxwdio
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\WINDOWS\SysWOW64\rarcwun
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\WINDOWS\system32\rarcwun
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\Users\lilse\AppData\Roaming\et
2017-11-19 14:51 - 2017-11-19 15:08 - 000000000 ___HD C:\Program Files (x86)\Unformed
2017-11-19 14:51 - 2017-11-19 14:51 - 000000020 _____ C:\WINDOWS\b32438917
2017-11-19 14:51 - 2017-11-19 14:51 - 000000000 ___HD C:\Program Files (x86)\hofstra
2017-11-19 14:51 - 2017-11-19 14:51 - 000000000 ____D C:\Program Files (x86)\steinhauser
2017-11-19 14:50 - 2017-11-19 15:55 - 000000000 ____D C:\Users\lilse\AppData\Roaming\AGData
2017-11-19 14:37 - 2017-11-09 13:39 - 008693152 _____ (CyberGhost S.A. ) C:\Users\lilse\Desktop\CyberGhost_6.0.8.2959.exe
2017-11-19 10:40 - 2017-11-19 10:40 - 000011264 _____ (Whores) C:\WINDOWS\rakesh.exe
2017-11-18 21:53 - 2017-11-18 21:53 - 000000000 ____D C:\Users\lilse\AppData\Local\FortniteGame
2017-11-18 21:34 - 2017-11-26 20:42 - 000000000 ____D C:\Program Files\Epic Games
2017-11-18 20:54 - 2017-12-11 19:54 - 000000000 ____D C:\Users\lilse\AppData\Local\UnrealEngine
2017-11-18 20:54 - 2017-12-11 11:34 - 000788760 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-11-18 20:54 - 2017-11-18 20:54 - 000000000 ____D C:\Users\lilse\AppData\Roaming\EasyAntiCheat
2017-11-18 20:54 - 2017-11-18 20:54 - 000000000 ____D C:\Users\lilse\AppData\Local\DeadByDaylight
2017-11-18 20:03 - 2017-11-18 20:03 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Steam Crack by iHow
2017-11-18 19:55 - 2017-11-18 19:56 - 000000000 ____D C:\Users\lilse\AppData\Roaming\KeyExtractor
2017-11-18 15:44 - 2017-11-18 20:40 - 000000000 ____D C:\Program Files\Sandboxie
2017-11-18 15:44 - 2017-11-18 20:39 - 000001840 _____ C:\WINDOWS\Sandboxie.ini
2017-11-18 04:22 - 2017-11-18 04:22 - 000000000 ____D C:\Users\lilse\opera autoupdate
2017-11-17 17:29 - 2017-11-17 17:30 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-17 17:28 - 2017-11-17 17:29 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-17 17:28 - 2017-11-17 17:28 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-17 17:27 - 2017-11-17 17:27 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-17 17:27 - 2017-11-17 17:27 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-17 17:27 - 2017-11-17 17:27 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-17 17:26 - 2017-11-17 17:26 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-17 17:26 - 2017-11-17 17:26 - 000000000 ____D C:\Program Files\MSBuild
2017-11-17 17:26 - 2017-11-17 17:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-17 17:26 - 2017-11-17 17:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-17 17:26 - 2017-09-28 18:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-17 17:26 - 2017-09-28 18:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-17 17:26 - 2017-09-28 18:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-17 17:26 - 2017-09-22 21:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-17 17:26 - 2017-09-22 21:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-17 17:26 - 2017-09-22 21:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-17 17:25 - 2017-11-17 17:30 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2017-11-17 14:46 - 2017-12-17 11:03 - 002502400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-17 14:45 - 2017-11-17 14:45 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-17 14:44 - 2017-11-17 14:44 - 000000000 ___HD C:\Users\lilse\MicrosoftEdgeBackups
2017-11-17 14:43 - 2017-11-17 14:43 - 000000020 ___SH C:\Users\lilse\ntuser.ini
2017-11-17 14:43 - 2017-11-17 14:43 - 000000000 ___RD C:\Users\lilse\3D Objects
2017-11-17 14:41 - 2017-11-21 16:00 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-11-17 14:41 - 2017-11-21 16:00 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-11-17 14:40 - 2017-12-17 11:02 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A64DEEBB-0657-4C3D-B42D-4B7C0A8EA3F8}
2017-11-17 14:40 - 2017-12-17 10:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-17 14:40 - 2017-12-15 12:42 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-15 12:42 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-17 14:40 - 2017-12-12 20:06 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-17 14:40 - 2017-12-12 20:06 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-17 14:40 - 2017-11-19 14:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-11-17 14:40 - 2017-11-17 14:46 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4116991164-3585888819-3333027806-1001
2017-11-17 14:40 - 2017-11-17 14:45 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-11-17 14:40 - 2017-11-17 14:40 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-17 14:40 - 2017-11-17 14:40 - 000003834 _____ C:\WINDOWS\System32\Tasks\Opera scheduled suite Autoupdate 1509825215
2017-11-17 14:40 - 2017-11-17 14:40 - 000003604 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1509825211
2017-11-17 14:40 - 2017-11-17 14:40 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-17 14:40 - 2017-11-17 14:40 - 000003252 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-11-17 14:40 - 2017-11-17 14:40 - 000003216 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-11-17 14:40 - 2017-11-17 14:40 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-17 14:40 - 2017-11-17 14:40 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-11-17 14:40 - 2017-11-17 14:40 - 000003098 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-11-17 14:40 - 2017-11-17 14:40 - 000003074 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7
2017-11-17 14:40 - 2017-11-17 14:40 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-11-17 14:40 - 2017-11-17 14:40 - 000002708 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon
2017-11-17 14:40 - 2017-11-17 14:40 - 000002444 _____ C:\WINDOWS\System32\Tasks\AWSoundCenterUILauncherRun
2017-11-17 14:40 - 2017-11-17 14:40 - 000002432 _____ C:\WINDOWS\System32\Tasks\AWSoundCenterSvc64Run
2017-11-17 14:40 - 2017-11-17 14:40 - 000002424 _____ C:\WINDOWS\System32\Tasks\AWSoundCenterSvc32Run
2017-11-17 14:40 - 2017-11-17 14:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-11-17 14:39 - 2017-11-17 14:39 - 000000000 ____D C:\ProgramData\USOShared
2017-11-17 14:37 - 2017-12-16 12:15 - 000000000 ____D C:\Users\lilse
2017-11-17 14:37 - 2017-12-15 13:21 - 000000000 ____D C:\Users\lilse\AppData\Local\Packages
2017-11-17 14:37 - 2017-11-17 14:37 - 000001576 _____ C:\Users\lilse\Desktop\Windows Media Player.lnk
2017-11-17 14:36 - 2017-11-17 14:36 - 000000470 ____H C:\WINDOWS\Tasks\AWSoundCenterUILauncherRun.job
2017-11-17 14:36 - 2017-11-17 14:36 - 000000468 ____H C:\WINDOWS\Tasks\AWSoundCenterSvc64Run.job
2017-11-17 14:36 - 2017-11-17 14:36 - 000000460 ____H C:\WINDOWS\Tasks\AWSoundCenterSvc32Run.job
2017-11-17 14:35 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-17 14:33 - 2017-12-17 03:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-17 14:33 - 2017-12-12 19:58 - 005026400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-17 14:20 - 2017-11-17 14:20 - 000000000 ____D C:\ProgramData\bdch
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 11:39 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 10:58 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-17 10:56 - 2017-10-11 12:52 - 000000000 __SHD C:\Users\lilse\IntelGraphicsProfiles
2017-12-17 03:09 - 2017-09-29 03:45 - 024641536 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-17 03:09 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-16 22:32 - 2017-11-02 16:14 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-16 21:36 - 2017-10-11 18:02 - 000000000 ____D C:\Users\lilse\AppData\Local\CrashDumps
2017-12-16 15:21 - 2017-11-04 15:38 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-12-16 11:46 - 2017-10-27 09:40 - 000001249 _____ C:\Users\lilse\Desktop\nativelog.txt
2017-12-16 10:13 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-16 10:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-15 12:46 - 2017-10-11 12:54 - 000000000 ____D C:\Users\lilse\AppData\Local\NVIDIA Corporation
2017-12-15 12:43 - 2017-10-11 12:52 - 000000000 ____D C:\Users\lilse\AppData\Local\VirtualStore
2017-12-15 12:43 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-15 12:42 - 2017-11-03 14:48 - 000000000 ____D C:\temp
2017-12-15 12:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2017-12-15 12:35 - 2017-10-12 12:38 - 000000000 ____D C:\ProgramData\Oracle
2017-12-15 11:19 - 2017-10-08 09:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-15 11:14 - 2017-11-04 15:38 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Notepad++
2017-12-15 10:47 - 2017-10-20 18:07 - 000000000 ____D C:\Users\lilse\AppData\Roaming\discord
2017-12-15 10:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 10:38 - 2017-10-08 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-12-13 19:14 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-12 21:22 - 2017-10-08 09:42 - 000000000 ____D C:\ProgramData\TetServer
2017-12-12 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-11 18:38 - 2017-10-20 18:07 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-11 18:38 - 2017-10-20 18:06 - 000000000 ____D C:\Users\lilse\AppData\Local\SquirrelTemp
2017-12-11 11:37 - 2017-10-12 09:42 - 000000000 ____D C:\Users\lilse\Desktop\Keystone
2017-12-11 10:02 - 2017-10-11 17:49 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-10 18:23 - 2017-10-08 09:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-10 18:23 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-10 18:17 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-07 18:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2017-12-07 13:10 - 2017-10-31 20:08 - 000000000 ____D C:\ProgramData\Razer
2017-12-07 13:10 - 2017-10-31 20:08 - 000000000 ____D C:\Program Files (x86)\Razer
2017-12-07 13:02 - 2017-10-12 16:13 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Easeware
2017-12-06 15:45 - 2017-10-12 12:47 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-06 15:45 - 2017-10-11 13:10 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-05 16:17 - 2017-11-15 15:10 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-12-05 16:17 - 2017-10-08 09:40 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-12-05 16:17 - 2017-10-08 09:40 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-12-03 17:38 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-03 17:38 - 2017-09-29 08:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-03 15:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-28 17:21 - 2017-10-11 12:52 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Adobe
2017-11-20 13:04 - 2017-10-31 20:09 - 000000000 ____D C:\Users\lilse\AppData\Local\Razer
2017-11-19 20:52 - 2017-11-12 11:57 - 000000000 ____D C:\Users\lilse\Documents\AutomaticSolution Software
2017-11-19 19:45 - 2017-10-18 21:04 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-19 19:04 - 2017-10-28 19:10 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2017-11-19 15:28 - 2017-10-11 12:53 - 000000000 __RDL C:\Users\lilse\OneDrive
2017-11-19 15:20 - 2017-11-04 14:53 - 000000000 ____D C:\Users\lilse\AppData\Local\Opera Software
2017-11-19 15:11 - 2017-10-11 15:52 - 000008635 ____C C:\bdlog.txt
2017-11-19 15:10 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-19 15:10 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-11-19 15:08 - 2017-11-02 13:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-18 15:47 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-18 04:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-17 22:57 - 2017-10-26 17:16 - 000000000 ____D C:\Users\lilse\AppData\Local\SLAM
2017-11-17 17:32 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-17 17:30 - 2017-11-07 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-17 17:30 - 2017-11-02 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-17 17:30 - 2017-10-29 19:49 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2017-11-17 17:30 - 2017-10-28 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-11-17 17:30 - 2017-10-18 17:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-11-17 17:30 - 2017-10-14 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-11-17 17:30 - 2017-10-12 13:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-11-17 17:30 - 2017-10-08 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobii EyeX Interaction
2017-11-17 17:30 - 2017-10-08 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2017-11-17 17:30 - 2017-10-08 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2017-11-17 17:30 - 2017-10-08 09:32 - 000000000 ____D C:\Program Files\Intel
2017-11-17 17:30 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-17 17:30 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-17 17:30 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-17 17:30 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-17 17:29 - 2017-10-11 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
2017-11-17 17:29 - 2017-10-08 09:33 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-11-17 17:29 - 2017-10-08 09:31 - 000000000 ____D C:\Program Files\Realtek
2017-11-17 17:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-17 17:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-17 17:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-17 17:28 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-17 15:00 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-17 14:46 - 2017-10-11 12:53 - 000002369 _____ C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-17 14:45 - 2017-10-11 12:52 - 000000000 ____D C:\Users\lilse\AppData\Local\ConnectedDevicesPlatform
2017-11-17 14:43 - 2017-10-11 12:48 - 000000000 ____D C:\Users\lilse\AppData\Local\TileDataLayer
2017-11-17 14:43 - 2017-10-08 09:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-17 14:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-17 14:40 - 2017-09-29 08:46 - 000000000 __RSD C:\WINDOWS\media
2017-11-17 14:40 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-17 14:39 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-17 14:38 - 2017-11-07 20:52 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-17 14:38 - 2017-11-03 14:48 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-11-17 14:38 - 2017-10-28 19:10 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-11-17 14:38 - 2017-10-28 19:09 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-11-17 14:37 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-17 14:36 - 2017-10-11 15:15 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-11-17 14:36 - 2017-10-08 09:36 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-11-17 14:36 - 2017-10-08 09:31 - 000013850 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-11-17 14:36 - 2017-10-08 09:31 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-17 14:36 - 2017-10-08 09:31 - 000000000 ____D C:\ProgramData\RTKAMPINFO
2017-11-17 14:36 - 2017-10-08 09:31 - 000000000 ____D C:\Program Files\Alienware
2017-11-17 14:36 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
 
==================== Files in the root of some directories =======
 
2017-12-08 17:16 - 2017-12-12 16:30 - 000000132 _____ () C:\Users\lilse\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-12-06 20:30 - 2017-12-06 20:38 - 000041984 _____ () C:\Users\lilse\AppData\Local\AppVShNotifyt-t.exe
2017-12-06 20:37 - 2017-12-06 20:38 - 000002621 _____ () C:\Users\lilse\AppData\Local\AppVShNotifyt.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000002584 _____ () C:\Users\lilse\AppData\Local\AppVShNotifytvbs.txt
2017-12-06 20:31 - 2017-12-06 20:31 - 000002621 _____ () C:\Users\lilse\AppData\Local\AppVShNotifytvbs.vbs
2017-12-06 20:30 - 2017-12-06 20:38 - 000000029 _____ () C:\Users\lilse\AppData\Local\MCconfig.dll
2017-12-06 20:30 - 2017-12-06 20:38 - 000938008 _____ () C:\Users\lilse\AppData\Local\WindowsCodecsRaw.txt
2017-12-06 20:31 - 2017-12-06 20:38 - 000001778 _____ () C:\Users\lilse\AppData\Local\x
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ () C:\Users\lilse\AppData\Local\XML.txt
2017-12-06 20:31 - 2017-12-06 20:31 - 000001781 _____ () C:\Users\lilse\AppData\Local\xx
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ () C:\Users\lilse\AppData\Local\XXML.txt
 
Some files in TEMP:
====================
2017-12-14 17:10 - 2017-11-14 14:55 - 000370296 _____ (NVIDIA Corporation) C:\Users\lilse\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\iaioruyb.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-12-15 10:43
 
==================== End of FRST.txt ============================
 
ADDITION:

 
Ran by lilse (17-12-2017 11:40:54)
Running from C:\Users\lilse\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-17 19:42:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4116991164-3585888819-3333027806-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4116991164-3585888819-3333027806-503 - Limited - Disabled)
Guest (S-1-5-21-4116991164-3585888819-3333027806-501 - Limited - Disabled)
lilse (S-1-5-21-4116991164-3585888819-3333027806-1001 - Administrator - Enabled) => C:\Users\lilse
WDAGUtilityAccount (S-1-5-21-4116991164-3585888819-3333027806-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Alienware Command Center (HKLM\...\{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM\...\{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.) Hidden
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.)
Alienware Sound Center (HKLM-x32\...\{e4a0a2ba-fc24-4749-8397-372b9e0948b5}) (Version: 1.1.6 - Alienware) Hidden
Alienware Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioLaunchpadConfigurator (HKLM\...\{9AFDA363-0B80-4EB2-96C4-8B205DD21FD7}) (Version: 1.1.601 - Alienware) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
CheckDevicesConfigurator (HKLM\...\{7E39F55E-D0D5-4607-9F07-44D9EDFC8BB6}) (Version: 1.1.601 - Alienware) Hidden
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell System Detect (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\d24084d039586cae) (Version: 8.8.0.1 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{C7EE237C-1350-409E-8681-993C74E48757}) (Version: 3.1.1.3834 - Dell Inc.)
Discord (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
EMSC (HKLM-x32\...\InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.5.2 - Kionix, Inc.)
Game Capture HD v1.0.0.1 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 1.0.0.1 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Killer Ethernet Performance Suite (HKLM\...\{5A8D7377-2BAB-4880-A5FB-B91239BD771C}) (Version: 1.2.1268 - Rivet Networks)
Killer Wireless Drivers (HKLM\...\{76EAE8AA-E399-489C-80BC-A8E73114EF20}) (Version: 1.2.1268 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (HKLM\...\{7B4A3140-8581-44D0-93E5-4E4B18C4A519}) (Version: 1.1.601 - Alienware) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nahimic2UISetup (HKLM\...\{1BE26814-3654-479F-B483-A14D5DD46D35}) (Version: 1.1.601 - Alienware) Hidden
NahimicSettingsConfigurator (HKLM\...\{ECC31226-0322-439C-AE4B-EBB3EB540878}) (Version: 1.1.601 - Alienware) Hidden
Nightbot 0.1.1 (only current user) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\b66ff3d2-8923-5696-ac2e-977beadfec4e) (Version: 0.1.1 - NightDev, LLC)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
ProductDaemonSetup (HKLM\...\{309081B0-ABEF-449E-AACC-C238E6009E8C}) (Version: 1.1.601 - Alienware) Hidden
Python 3.6.3 (32-bit) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\{1bb10b8c-6e63-4897-9fb2-3873ce30d7e1}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Core Interpreter (32-bit) (HKLM-x32\...\{52D39C34-E5F5-41AE-88CD-5DE66C9150B4}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit) (HKLM-x32\...\{F7D9BDE7-2C35-4F7E-AEBE-9F3028451087}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (32-bit) (HKLM-x32\...\{20EB04A7-B5EF-485E-9440-F36214C5501D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit) (HKLM-x32\...\{CA16E2AA-4499-4FE5-A88C-174612920734}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (32-bit) (HKLM-x32\...\{DA64A828-F7A9-4A19-97BD-3A9A63CEB972}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit) (HKLM-x32\...\{14843392-E9B3-4031-BCF6-FC00D5791AA8}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AE89BB1E-1C06-4556-AA05-A6628DE07BA9}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit) (HKLM-x32\...\{63208505-67AD-4AAC-BD7B-00DE5B83BAF0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (32-bit) (HKLM-x32\...\{6CF91DC2-CED3-410B-88BB-E048C994AA1A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Rules of Survival version 1.0.0 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.0.0 - Hong Kong Netease Interactive Entertainment Limited)
SonicMapperConfigurator (HKLM\...\{C3F4C02E-668D-44AB-88D2-F7B28995763D}) (Version: 1.1.601 - Alienware) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.2.8 (only current user) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.8 - Streamlabs)
Streamlabs Chatbot version 1.0.2.17 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.17 - Streamlabs)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.59 - Synaptics Incorporated)
Tet Fw Files (HKLM-x32\...\{D7ECC60F-0EDA-4984-91BD-2F2C90A602BA}) (Version: 1.0.0.0 - Tobii AB) Hidden
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Tobii Bundle Requirements (HKLM-x32\...\{0FC6EDE1-E1B6-4AC4-833B-3FBC2871A208}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eula (HKLM-x32\...\{D9EEAE28-8BC2-412B-BF40-6FF6C82F4F41}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eye Tracking (HKLM-x32\...\{def619fe-04aa-47e1-80aa-f1abc3cf15cd}) (Version: 2.10.0.6432 - Tobii AB)
Tobii EyeX (HKLM-x32\...\{B2EA04C5-7D62-49D4-AE5D-32A8E35101AB}) (Version: 1.21.0.8242 - Tobii AB) Hidden
Tobii EyeX Config (HKLM-x32\...\{8AC172FB-3932-4986-A965-368328B7D1FC}) (Version: 4.7.0.942 - Tobii AB) Hidden
Tobii EyeX Interaction (HKLM-x32\...\{C0ABCA5C-E706-4616-8F13-32CB34739B13}) (Version: 2.10.0.4588 - Tobii AB) Hidden
Tobii EyeX Intro (HKLM-x32\...\{AF629577-33D6-4486-B113-3E5FCDE497D0}) (Version: 1.0.3.173 - Moonshot) Hidden
Tobii IS3 Eye Tracker Driver (HKLM-x32\...\{432D9D4E-D79E-4451-BF37-E36174D92E29}) (Version: 2.0.4 - Tobii AB) Hidden
Tobii PTP Filter Driver (HKLM\...\{AB77784C-40BA-4ABD-B7D6-5296773E8B67}) (Version: 1.1.0.75 - Tobii AB) Hidden
Tobii Service (HKLM-x32\...\{454ACCE1-E688-47C5-95A7-BAD66F78AA00}) (Version: 1.21.0.7209 - Tobii AB) Hidden
UIInstallUpgrade (HKLM\...\{782C0CC5-E96A-4136-9F24-DF593B161F1A}) (Version: 1.1.601 - Alienware) Hidden
VR Fw Files (HKLM-x32\...\{AAC4BA55-7772-4519-8BD1-283196AC490A}) (Version: 1.0.0.0 - Tobii AB) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-05] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxDTCM.dll [2017-06-29] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF3D069-D047-4F3F-AB99-BC873585FAE5} - \iusb3mon -> No File <==== ATTENTION
Task: {18E9D43D-CCF0-4D45-9EAB-FA05D231E4B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {24CFA555-C273-4467-8017-DBCC4AE88334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {283A6E3B-F693-4DEA-9B1A-4FC7055CED21} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {2A49EFDA-1E95-4DD4-AE22-D3F8A4DB85CC} - System32\Tasks\AWSoundCenterSvc32Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe [2017-03-10] ()
Task: {32F5C6E0-2D60-485E-A5FD-9206B5C78F51} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-05] (NVIDIA Corporation)
Task: {39B29049-F48A-4841-8787-B63E4806FF08} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-05] (NVIDIA Corporation)
Task: {3D693552-EFBD-4749-9CB0-BC7CFE6C3BC9} - System32\Tasks\Opera scheduled suite Autoupdate 1509825215 => C:\Users\lilse\AppData\Local\Programs\Opera\launcher.exe
Task: {4116B838-B278-421D-828D-396BF8BA8231} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {41EBBF1D-67FB-4434-AF4F-0686E7D698BC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-05] (NVIDIA Corporation)
Task: {5376F194-D572-4914-A072-6E758090C806} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {5500D47A-32B3-4093-B87C-E96198A23E76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {658172FB-FBF1-4845-8EF1-D281695880C4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-10-31] (Bitdefender)
Task: {6A27C887-AB8A-4995-9E30-D18AA935269C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {705CD51F-5AB4-4467-BAC3-2A1F2C0CF9BA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {752F105C-66A2-4643-AA17-0902F7D3F321} - System32\Tasks\AWSoundCenterSvc64Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe [2017-03-10] ()
Task: {75B8DCE9-F4EA-46F2-A2E7-544C48A543D1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-13] (Intel® Corporation)
Task: {7D5CDE72-4AD6-4369-B766-D9A480DE9504} - System32\Tasks\AWSoundCenterUILauncherRun => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [2017-03-10] (A-Volute)
Task: {7D71EEA3-5E82-413D-AC48-A27B88FBD72A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-05] (NVIDIA Corporation)
Task: {7E897419-880F-4ED1-8509-4555AF9BAA29} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {81B38CBF-67B9-44E3-AB87-8DADD921ECEC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {8477C0EF-ED72-4C9D-A28F-17003F566D7D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {85B88ADB-A7C9-4510-AC10-F9BB81207515} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {89BD84FF-0466-4546-8725-1ED69274C623} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {9ABFA738-C271-4019-A7FB-F8E6C9027E4E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-10] ()
Task: {A0F30610-B6E2-4F58-B20D-F539A523DEAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {AD87261B-64B5-49CE-8EE1-F26E01D674EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-10] (Microsoft Corporation)
Task: {B0809D28-BA34-4E71-B6DA-410BD6C4D404} - System32\Tasks\Opera scheduled Autoupdate 1509825211 => C:\Users\lilse\AppData\Local\Programs\Opera\launcher.exe
Task: {B1E4ABDD-4853-4FFC-B123-1ADD6846DA03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {B6900E53-BE79-4F9A-8E79-68B231A7C760} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {C3DAEC3D-43DB-4D5C-815D-D1193BED496F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {C80F9DC8-053F-404B-AFB0-2C286FFDAB09} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {E5043FD8-5EF5-422D-9261-ADCE052B9804} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {F058C156-211C-45DA-8C5E-4BCBE9B5EAD2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
Task: {F3D78FEF-B7BC-478F-BF29-6E26620110A2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-10] ()
Task: {FA39F742-CFA6-4375-8B9D-F25F355AF2EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AWSoundCenterSvc32Run.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe
Task: C:\WINDOWS\Tasks\AWSoundCenterSvc64Run.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe
Task: C:\WINDOWS\Tasks\AWSoundCenterUILauncherRun.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-04 03:27 - 2017-07-04 03:27 - 000190208 _____ () C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
2017-03-10 07:15 - 2017-03-10 07:15 - 000217272 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll
2016-10-17 19:00 - 2016-10-17 19:00 - 000107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-17 19:00 - 2016-10-17 19:00 - 000412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 17:09 - 2017-07-19 17:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 14:31 - 2017-12-11 14:31 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-11 14:31 - 2017-12-11 14:31 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-11 14:31 - 2017-12-11 14:31 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-11 14:31 - 2017-12-11 14:31 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-11 14:31 - 2017-12-11 14:31 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-11-01 16:18 - 2016-11-01 16:18 - 000253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2017-05-22 10:41 - 2017-05-22 10:41 - 002545088 _____ () C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
2017-11-19 10:40 - 2017-11-19 10:40 - 000073565 _____ () C:\Program Files (x86)\hofstra\aller.exe
2017-03-10 07:12 - 2017-03-10 07:12 - 002365624 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCentersvc32.exe
2017-03-10 07:15 - 2017-03-10 07:15 - 000514744 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCentersvc64.exe
2017-11-26 20:25 - 2017-11-26 20:25 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2017-11-26 20:25 - 2017-11-26 20:25 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2017-11-26 20:25 - 2017-11-26 20:25 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2017-12-06 15:45 - 2017-12-05 23:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-06 15:45 - 2017-12-05 23:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-05-19 17:58 - 2017-05-19 17:58 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\plugins\Tobii.EyeX.Controller.Service.Library.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000430048 _____ () C:\Program Files (x86)\Tobii\Service\tecs.host.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\tecs.hid.dll
2017-05-19 17:58 - 2017-05-19 17:58 - 000191968 _____ () C:\Program Files (x86)\Tobii\Service\tecs.lite.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000161760 _____ () C:\Program Files (x86)\Tobii\Service\libtobii_windll.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-10 07:10 - 2017-03-10 07:10 - 000192184 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterDevProps.dll
2017-05-22 10:41 - 2017-05-22 10:41 - 000118528 _____ () C:\Program Files (x86)\Tobii\Service\iframeclientDll.dll
2017-07-10 00:59 - 2017-07-10 00:59 - 001074928 _____ () C:\Program Files (x86)\Tobii\Tobii EyeX\tobii_stream_engine.DLL
2016-12-28 18:06 - 2016-12-28 18:06 - 000127216 _____ () C:\Program Files (x86)\Tobii\Tobii EyeX\tobii_firmware_upgrade.dll
2017-12-11 18:38 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-11 18:38 - 2017-12-11 18:38 - 001886712 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001773560 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-11 18:38 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 18:38 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-10-08 09:31 - 2017-10-08 09:31 - 000939008 _____ () C:\WINDOWS\SYSTEM32\EMSC.dll
2017-12-11 18:38 - 2017-12-11 18:38 - 009802232 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001505784 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-11 18:38 - 2017-12-11 18:38 - 000513016 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-11 18:38 - 2017-12-11 18:38 - 002662904 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001517048 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-11 18:38 - 2017-12-11 18:38 - 002749944 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-12-15 12:42 - 2017-12-05 16:17 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-09-22 15:28 - 2017-09-22 15:28 - 000140664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Alienware Update\ServiceTagPlusPlus.dll
2016-11-08 18:40 - 2016-11-08 18:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 001949184 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000774656 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvrwjqov.sys:changelist [338]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\szhunaso.sys:changelist [472]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93028116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93028116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\AW_EclipseHead_Final_2016.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "DLQLU"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\StartupApproved\StartupFolder: => "stdafx.lnk"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\StartupApproved\Run: => "segundo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6BDF4D6A-38E1-4263-B1DF-21809C60CD42}] => (Allow) C:\Users\lilse\AppData\Local\Programs\Opera\48.0.2685.52\opera.exe
FirewallRules: [UDP Query User{FE0FFDA3-2C66-4F45-8555-CCC0F5312326}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe
FirewallRules: [TCP Query User{278C4332-7EF6-409C-A272-6C00D36EC3F8}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe
FirewallRules: [UDP Query User{AFD6CB5F-3F47-4803-B8A3-2CF3A800A1C3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{73977995-C341-4068-B227-CA7E450FE6A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{61E534CF-A1AB-41C2-876D-38DFA243CADB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7F684C1E-1F4A-4560-81F1-26438F8FA9CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3C192A26-6095-4E37-B4AF-234190F4DAF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0461189C-9BED-4422-AFCC-2AFC699D4D4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AA367A6-42D5-4902-BA8F-3ECDB0CF7362}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{4D4767C9-5491-4AB0-8B94-FA48D0563F06}C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe] => (Allow) C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe
FirewallRules: [TCP Query User{DE0ECE58-CAFD-4430-8D7B-7B45B9D7030F}C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe] => (Allow) C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe
FirewallRules: [TCP Query User{E0A34FBE-4F79-4715-8097-C4E0F6CD2203}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{4F0149C4-9C0F-4371-923E-16BC868AE77F}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{0D0B1AF0-96E0-42EF-82B2-9604780C5C3C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{90952B08-0B85-4F96-91F5-2659233DE2C7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{FB905338-EF38-4080-8C3A-1984BBBC3D55}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{AC0AF428-8EA8-4845-8C93-F73A87631DD4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{81DF8141-38D2-44B8-BACD-075A0F6DD0EA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{A04F2A72-FEF9-4BF8-8146-49C5A90CC834}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{3AD7DB6F-BD01-407E-8956-6E4BF14AD002}C:\users\lilse\downloads\anydesk.exe] => (Allow) C:\users\lilse\downloads\anydesk.exe
FirewallRules: [UDP Query User{3B36EB53-01A2-4098-A80C-C378A71A0971}C:\users\lilse\downloads\anydesk.exe] => (Allow) C:\users\lilse\downloads\anydesk.exe
FirewallRules: [TCP Query User{B2BEA60C-AC7E-4A5E-84A7-B8E8C67DA063}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B4DC8DFF-B2F1-4E05-A487-2D3CC73AC19F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{16AC43A2-BD82-48D0-A3C9-0DDD6401EF7C}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{BCB82FE3-D64F-4090-9944-679EAAD9CE2A}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{2FE39C53-9CEA-4A14-9E7B-ACBACB0C0E7A}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{7FB328B9-5911-497C-ADA2-F2B7F38075DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1F38475F-C0D7-4819-82B5-4692FDF4BC39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8CBAC570-FF94-4D59-A86C-C1FB16716C0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{10A015DB-AAA2-420F-8051-40440EBD0911}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{57D2FB10-8CAE-4F97-B6CB-784409649E40}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{6165915B-4C70-49A2-9E10-9C0BEA3E2534}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F8EB7DAC-E219-48CD-80CF-2244561CEF5C}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A9222997-B557-456A-AF8D-90DFD0944575}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3AAAA680-FD79-4B95-8ACE-E6E71357BC8F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0FD2FF50-B9B4-445B-9E4E-7383BF17B6FF}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1D8BA9FB-1BDE-400E-958E-5273B579F48A}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{AC175E10-1123-4DBB-B34D-65340723364A}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7721EF35-48CF-4EE7-AF13-05418FD0D4AC}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{66767337-19D2-49D6-BB9B-88909E59FF2B}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{AE56C0D5-7CFE-4C84-B3AE-F074BA482FF4}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{C76677BC-1F16-4796-B91F-2040D13441E2}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{889B6786-EBBB-4E54-9C14-8A8034CA0FBC}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{A414AFC3-4174-43C7-A401-F65214EF0C69}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{239A7E01-9B00-432C-9300-4D5D3D539616}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{5FF07492-8225-4EF7-894F-E6139ACEC0EC}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2017 10:56:22 AM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 10:56:22,180 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 10:56:21 AM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 10:56:21,771 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 10:56:21 AM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 10:56:21,251 [5] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 10:56:21 AM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 10:56:21,250 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/16/2017 10:12:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GTA5.exe version 1.0.1290.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 10b4
 
Start Time: 01d376e3428e6169
 
Termination Time: 4294967295
 
Application Path: D:\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
 
Report Id: 018ec0d9-8c50-41b3-84a9-06b025a904e3
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/16/2017 09:36:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d4c
 
Start Time: 01d376dfcf7219bc
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 91bd882b-5992-4689-97bc-189f104fc5d1
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (12/16/2017 09:36:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-CVAKAP4)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (12/16/2017 09:36:19 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-16 21:36:19,047 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/16/2017 09:36:18 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-16 21:36:18,662 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/16/2017 09:36:18 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-16 21:36:18,224 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
 
System errors:
=============
Error: (12/17/2017 11:40:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:39:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:38:20 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CVAKAP4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CVAKAP4\lilse SID (S-1-5-21-4116991164-3585888819-3333027806-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/17/2017 11:36:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:33:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:30:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:27:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:26:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CVAKAP4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CVAKAP4\lilse SID (S-1-5-21-4116991164-3585888819-3333027806-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/17/2017 11:24:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/17/2017 11:22:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
 
CodeIntegrity:
===================================
  Date: 2017-12-16 21:38:09.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:09.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:08.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:08.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:58.753
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:58.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 16257.03 MB
Available physical RAM: 9662.78 MB
Total Virtual: 32641.03 MB
Available Virtual: 24805.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:103.08 GB) (Free:13.12 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:768.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 5054CE03)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 5054C4E2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

 

This virus has gotten SO annoying and I need to put a stop to it, if anyone could help please reply to me soon,

 

Thank you.

 


I forgot to put in this topic that I am running on a Windows 10 64 bit system.

Edited by hamluis, 17 December 2017 - 02:00 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 18 December 2017 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

If successful, restart the computer normally.

Your System Restore was shown as disabled in your Addition.txt log.
Make sure it's now enabled.

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Update and run the Malwarebytes Anti-Malware program. Remove everything that will be identified.

===

Run the Farbar program one more time.
Post a fresh FRST log for my review.

Let me know what problem persists.

#3 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:51 PM

Posted 18 December 2017 - 10:48 AM

Hey, thanks for responding. Sadly nothing has changed. All the problems are still occurring and the mbar didn't pick up anything. I did all the steps to turn on system restore and it still won't boot or change.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by lilse (administrator) on DESKTOP-CVAKAP4 (18-12-2017 10:42:57)
Running from C:\Users\lilse\Downloads
Loaded Profiles: lilse (Available Profiles: lilse)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\lmmrpicsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHDCPSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
(Microsoft Corporation) C:\Windows\System32\SensorDataService.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX\Tobii.EyeX.Engine.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX Interaction\Tobii.EyeX.Tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Tobii EyeX Interaction\Tobii.EyeX.Interaction.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(A-Volute) C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe
() C:\Program Files (x86)\hofstra\aller.exe
() C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe
() C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Discord Inc.) C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
() C:\Users\lilse\AppData\Local\upiabxt\upiabxt.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
() C:\Users\lilse\AppData\Local\igfxmtc\igfxmtc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
() C:\Users\lilse\AppData\Local\upiabxt\vsadogw.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13856 2017-03-21] (Alienware)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [942400 2012-04-18] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1241408 2012-04-11] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484280 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [AWSoundCenterUILauncher] => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [1230008 2017-03-10] (A-Volute)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-B2D537DF-A661-4AAF-82C6-81921211F422\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-B2D537D (the data entry has 44 more characters).
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3747256 2016-12-02] (Alienware Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [aller] => C:\Program Files (x86)\hofstra\aller.exe [73565 2017-11-19] ()
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [segundo] => "C:\Program Files (x86)\Malarious\whores.exe"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Run: [Discord] => C:\Users\lilse\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-11-19]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-10-08]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-04-26] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-04-26] ()
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Updater.lnk [2017-12-13]
ShortcutTarget: Registry Updater.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stdafx.lnk [2017-12-16]
ShortcutTarget: stdafx.lnk -> C:\Users\lilse\stdafx.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15e7d2d9-8d8b-4c06-810e-e73610e7eda0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4116991164-3585888819-3333027806-1001 -> {8C97E51A-A357-4F25-98E9-22FF1002C0A1} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-15] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default [2017-12-18]
CHR Extension: (Slides) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-11]
CHR Extension: (YouTube) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (ForceCop Supreme Bot) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2017-12-12]
CHR Extension: (Sheets) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Gmail) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\lilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-06]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-12-11] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [14400 2017-05-01] (Alienware)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-18] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25312 2016-11-01] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-11-08] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2193088 2017-05-04] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1278584 2017-10-31] (Bitdefender)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-10-09] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [916096 2017-10-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-03-23] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265792 2017-05-18] (Synaptics Incorporated)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
R2 Tobii Service; C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe [198720 2017-07-12] (Tobii AB)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 2E57A2BD; C:\WINDOWS\System32\drivers\2E57A2BD.sys [255928 2017-12-16] (Malwarebytes)
S4 7566D2EB; C:\WINDOWS\System32\drivers\7566D2EB.sys [255928 2017-12-17] (Malwarebytes)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-16] (Qualcomm)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164592 2017-04-17] (Qualcomm Atheros, Inc.)
S3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems GmbH)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [35216 2016-08-18] ()
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-31] ()
S1 fvrwjqov; C:\WINDOWS\system32\drivers\fvrwjqov.sys [72816 2017-11-19] (Microsoft Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [290528 2017-12-17] (SurfRight B.V.)
S3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-12-17] (SurfRight B.V.)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 kiox_ff_driver; C:\WINDOWS\system32\DRIVERS\kiox_ff_driver.sys [50312 2016-09-21] (Kionix, Inc.)
R0 kxdiskprot; C:\WINDOWS\System32\DRIVERS\kxdiskprot.sys [38544 2016-06-13] (Kionix, Inc.)
R1 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-12-17] (Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_dc2fd992ace4d5f9\nvlddmkm.sys [17025992 2017-12-06] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-12-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [123624 2017-05-04] (Rivet Networks, LLC.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2016-12-21] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72256 2017-05-18] (Synaptics Incorporated)
S1 szhunaso; C:\WINDOWS\system32\drivers\szhunaso.sys [72816 2017-11-19] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
S4 SMR501; System32\drivers\SMR501.SYS [X]
R3 udiskMgr; system32\drivers\ybeilo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 10:37 - 2017-12-18 10:37 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\36230745.sys
2017-12-18 10:35 - 2017-12-18 10:35 - 000000000 ____D C:\Users\lilse\Downloads\FRST-OlderVersion
2017-12-18 10:21 - 2017-12-18 10:21 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7763F1EA.sys
2017-12-18 10:20 - 2017-12-18 10:20 - 014161479 _____ C:\Users\lilse\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-18 10:17 - 2017-12-18 10:17 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\59565C12.sys
2017-12-17 23:30 - 2017-12-17 23:30 - 000140112 ____N C:\WINDOWS\system32\Drivers\iaibehko.sys
2017-12-17 21:47 - 2017-12-17 21:47 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46B41E57.sys
2017-12-17 21:31 - 2017-12-17 21:31 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46C9118B.sys
2017-12-17 20:07 - 2017-12-17 20:07 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\690051BD.sys
2017-12-17 20:06 - 2017-12-17 20:06 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2017-12-17 20:05 - 2017-12-17 20:05 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5E8B5055.sys
2017-12-17 19:54 - 2017-12-17 19:54 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\lilse\Downloads\rkill64-18316.exe
2017-12-17 19:52 - 2017-12-17 19:52 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2BD14617.sys
2017-12-17 19:52 - 2017-12-17 19:52 - 000000000 ____D C:\WINDOWS\Panther
2017-12-17 19:47 - 2017-12-17 19:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\753612DB.sys
2017-12-17 19:46 - 2017-12-18 10:38 - 000000000 ____D C:\Users\lilse\Desktop\mbar
2017-12-17 19:37 - 2017-12-17 19:37 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46B03A65.sys
2017-12-17 19:35 - 2017-12-17 19:35 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7DD3395C.sys
2017-12-17 19:23 - 2017-12-17 19:23 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3DF2302A.sys
2017-12-17 17:24 - 2017-12-17 17:24 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-12-17 17:23 - 2017-12-17 17:23 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\11165441.sys
2017-12-17 17:18 - 2017-12-17 17:18 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\71B8500C.sys
2017-12-17 17:14 - 2017-12-17 17:28 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-17 17:14 - 2017-12-17 17:14 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1D424CD5.sys
2017-12-17 16:59 - 2017-12-17 16:59 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7566D2EB.sys
2017-12-17 16:56 - 2017-12-17 16:56 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\14063F69.sys
2017-12-17 16:51 - 2017-12-17 16:51 - 000001369 _____ C:\Users\lilse\Desktop\Google Chrome.lnk
2017-12-17 16:23 - 2017-12-17 17:35 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2017-12-17 16:23 - 2017-12-17 16:23 - 001183368 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-12-17 16:23 - 2017-12-17 16:23 - 000829576 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-12-17 16:23 - 2017-12-17 16:23 - 000290528 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-12-17 16:23 - 2017-12-17 16:23 - 000093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-12-17 16:23 - 2017-12-17 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-12-17 16:23 - 2017-12-17 16:23 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-12-17 15:15 - 2017-12-17 15:15 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\75652321.sys
2017-12-17 14:57 - 2017-12-17 14:57 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7EC663DC.sys
2017-12-17 14:42 - 2017-12-17 14:42 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1CD458E7.sys
2017-12-17 14:30 - 2017-12-17 19:42 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-17 14:28 - 2017-12-17 14:28 - 000000000 ____D C:\WINDOWS\pss
2017-12-17 14:12 - 2017-12-17 14:18 - 026643395 _____ C:\Users\lilse\Downloads\Young Thug Type Melody Pack By Heztheproducer.zip
2017-12-17 10:56 - 2017-12-17 10:56 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3B842B9F.sys
2017-12-16 22:13 - 2017-12-16 22:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\235D333E.sys
2017-12-16 21:36 - 2017-12-16 21:36 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5F5C474A.sys
2017-12-16 20:31 - 2017-09-11 21:44 - 000037832 ____N (Intel Corporation ) C:\WINDOWS\system32\Drivers\iqvw64e.sys
2017-12-16 19:28 - 2017-12-16 19:28 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7F5E6524.sys
2017-12-16 15:19 - 2017-12-17 11:41 - 000055718 _____ C:\Users\lilse\Downloads\Addition.txt
2017-12-16 15:18 - 2017-12-18 10:43 - 000028489 _____ C:\Users\lilse\Downloads\FRST.txt
2017-12-16 15:17 - 2017-12-18 10:42 - 000000000 ___DC C:\FRST
2017-12-16 15:15 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-16 15:15 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-16 15:13 - 2017-12-18 10:35 - 002392064 ____C (Farbar) C:\Users\lilse\Downloads\FRST64.exe
2017-12-16 15:12 - 2017-12-16 15:12 - 014178840 _____ (Malwarebytes Corp.) C:\Users\lilse\Downloads\mbar-1.10.3.1001 (1).exe
2017-12-16 15:12 - 2017-12-16 15:12 - 008172032 _____ (Malwarebytes) C:\Users\lilse\Downloads\AdwCleaner (1).exe
2017-12-16 15:09 - 2017-12-16 15:09 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2ECB1F90.sys
2017-12-16 15:04 - 2017-12-18 10:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-16 15:04 - 2017-12-18 10:37 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-16 15:04 - 2017-12-16 15:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2E57A2BD.sys
2017-12-16 11:53 - 2017-12-16 15:04 - 000000718 _____ C:\WINDOWS\ntbtlog.txt
2017-12-16 11:46 - 2017-12-16 11:46 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0FBA043B.sys
2017-12-16 11:46 - 2017-12-16 11:46 - 000000000 ____D C:\ProgramData\SMR501
2017-12-16 11:43 - 2017-12-17 19:43 - 000000000 ____D C:\Users\lilse\AppData\Local\NPE
2017-12-16 11:43 - 2017-12-16 11:43 - 003422944 _____ (Symantec Corporation) C:\Users\lilse\Downloads\NPE.exe
2017-12-16 11:43 - 2017-12-16 11:43 - 000000020 _____ C:\WINDOWS\system32\Drivers\SMR501.dat
2017-12-16 11:43 - 2017-12-16 11:43 - 000000000 ____D C:\ProgramData\Norton
2017-12-16 10:28 - 2017-12-16 10:28 - 000000000 ____D C:\Users\lilse\AppData\Roaming\NVIDIA
2017-12-15 20:47 - 2017-12-17 22:22 - 000000261 _____ C:\Users\lilse\Documents\ClownfishVoiceChanger.ini
2017-12-15 20:47 - 2017-12-15 20:47 - 000000000 ____D C:\Users\lilse\Documents\ClownfishSoundTemp
2017-12-15 20:46 - 2017-12-15 20:46 - 000576312 _____ (Shark Labs) C:\Users\lilse\Downloads\VoiceChanger64(0.68).exe
2017-12-15 20:46 - 2017-12-15 20:46 - 000002168 _____ C:\Users\Public\Desktop\ClownfishVoiceChanger.lnk
2017-12-15 20:46 - 2017-12-15 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger
2017-12-15 20:46 - 2017-12-15 20:46 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2017-12-15 19:45 - 2017-12-15 19:45 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0D2924AF.sys
2017-12-15 12:52 - 2017-12-15 12:52 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0364683E.sys
2017-12-15 12:44 - 2017-12-15 21:45 - 000000000 ____D C:\Users\lilse\AppData\Local\NVIDIA
2017-12-15 12:43 - 2017-12-15 12:43 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7B246133.sys
2017-12-15 12:42 - 2017-12-15 12:42 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-15 12:42 - 2017-12-15 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-15 12:42 - 2017-12-05 16:17 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-12-15 12:41 - 2017-12-18 10:17 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-15 12:41 - 2017-12-15 12:42 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-15 12:41 - 2017-12-15 12:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-15 12:41 - 2017-12-05 16:17 - 000532976 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-12-15 12:41 - 2017-12-05 16:17 - 000438584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-12-15 12:41 - 2017-12-05 16:17 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-15 12:41 - 2017-12-05 14:36 - 000137200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-15 12:41 - 2017-12-05 14:32 - 005966696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000607304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-15 12:41 - 2017-12-05 14:32 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-15 12:41 - 2017-11-25 07:40 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-15 12:41 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-15 12:41 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-15 12:41 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-15 12:41 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-15 12:39 - 2017-12-05 16:17 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 035156368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 029379568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 013867840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 011782096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 003817400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001989944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438859.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438859.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001102368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001044664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000982888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000885496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000794576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000506680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-12-15 12:39 - 2017-12-05 16:17 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-12-15 12:39 - 2017-12-05 16:17 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-12-15 12:39 - 2017-12-05 16:17 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-12-15 12:39 - 2017-12-05 16:17 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-12-15 12:39 - 2017-12-05 16:17 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-12-15 12:38 - 2017-12-15 12:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-15 12:36 - 2017-12-15 12:42 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-15 12:36 - 2017-12-15 12:36 - 000000000 ___DC C:\NVIDIA
2017-12-15 12:35 - 2017-12-15 12:35 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-12-15 12:35 - 2017-12-15 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-15 12:35 - 2017-12-15 12:35 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-15 12:34 - 2017-12-15 12:34 - 001852992 _____ (Oracle Corporation) C:\Users\lilse\Downloads\JavaSetup8u151.exe
2017-12-15 12:33 - 2017-12-15 12:35 - 461820848 _____ (NVIDIA Corporation) C:\Users\lilse\Downloads\388.59-desktop-win10-64bit-international-whql.exe
2017-12-15 12:32 - 2017-12-15 12:32 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4FED5937.sys
2017-12-15 12:27 - 2017-12-15 12:29 - 000000000 ____D C:\Users\lilse\Desktop\driver uninstall
2017-12-15 12:27 - 2017-12-15 12:27 - 001094931 _____ C:\Users\lilse\Downloads\[Guru3D.com]-DDU.zip
2017-12-15 11:19 - 2017-12-15 11:20 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-12-15 11:19 - 2017-12-15 11:19 - 030584520 _____ (Python Software Foundation) C:\Users\lilse\Downloads\python-3.6.3.exe
2017-12-15 11:19 - 2017-12-15 11:19 - 000000000 ____D C:\Users\lilse\AppData\Local\Package Cache
2017-12-15 11:14 - 2017-12-15 11:14 - 000001112 _____ C:\Users\lilse\Desktop\Notepad++.lnk
2017-12-15 11:14 - 2017-12-15 11:14 - 000000000 ____D C:\Users\lilse\AppData\Local\Notepad++
2017-12-15 11:14 - 2017-12-15 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-15 11:09 - 2017-12-15 11:09 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\lilse\Downloads\rkill64.exe
2017-12-15 11:06 - 2017-12-15 11:06 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\74D716F6.sys
2017-12-15 11:03 - 2017-12-17 19:54 - 000001306 _____ C:\Users\lilse\Desktop\Rkill.txt
2017-12-15 11:03 - 2017-12-15 11:03 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\lilse\Downloads\rkill.exe
2017-12-15 10:59 - 2017-12-15 10:59 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4C291220.sys
2017-12-15 10:54 - 2017-12-17 19:42 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-15 10:54 - 2017-12-16 15:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-15 10:54 - 2017-12-15 10:54 - 000001914 _____ C:\Users\lilse\Desktop\Malwarebytes.lnk
2017-12-15 10:54 - 2017-12-15 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-15 10:53 - 2017-12-15 10:53 - 064025992 _____ (Malwarebytes ) C:\Users\lilse\Downloads\mb3-setup-SEMFD.100SEM-3.1.2.1733-1.0.139-1.0.2060.exe
2017-12-14 17:27 - 2017-12-14 17:27 - 000000000 ____D C:\Program Files\Synaptics
2017-12-14 17:27 - 2017-05-18 02:55 - 000072256 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-12-14 16:30 - 2017-12-14 16:30 - 102779800 _____ (obsproject.com) C:\Users\lilse\Downloads\OBS-Studio-20.1.3-Full-Installer.exe
2017-12-14 10:38 - 2017-12-14 10:38 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2017-12-14 10:25 - 2017-12-14 10:26 - 032145408 _____ C:\Users\lilse\Downloads\EpicInstaller-6.10.0.msi
2017-12-13 14:43 - 2017-12-16 21:23 - 000000000 ____D C:\Users\lilse\AppData\Roaming\CC
2017-12-13 14:39 - 2017-12-13 14:39 - 000000585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rules of Survival.lnk
2017-12-13 14:39 - 2017-12-13 14:39 - 000000573 _____ C:\Users\Public\Desktop\Rules of Survival.lnk
2017-12-13 14:39 - 2017-12-13 14:39 - 000000016 _____ C:\ProgramData\mntemp
2017-12-13 14:39 - 2017-12-13 14:39 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Netease
2017-12-13 14:37 - 2017-12-16 21:21 - 000000000 ___DC C:\ros
2017-12-11 18:38 - 2017-12-11 18:38 - 000002239 _____ C:\Users\lilse\Desktop\Discord.lnk
2017-12-11 18:38 - 2017-12-11 18:38 - 000000000 ____D C:\Users\lilse\AppData\Local\Discord
2017-12-11 13:34 - 2017-12-11 13:34 - 000000000 ____D C:\Users\lilse\Desktop\gta
2017-12-11 11:34 - 2017-12-11 10:02 - 000382504 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-12-11 10:53 - 2017-12-12 10:11 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-11 10:53 - 2017-12-12 10:11 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-11 10:53 - 2017-12-11 10:53 - 000000000 ____D C:\Users\lilse\Documents\Rockstar Games
2017-12-11 10:53 - 2017-12-11 10:53 - 000000000 ____D C:\Users\lilse\AppData\Local\Rockstar Games
2017-12-11 10:02 - 2017-12-11 10:02 - 000000222 _____ C:\Users\lilse\Desktop\Dead by Daylight.url
2017-12-11 09:01 - 2017-12-11 09:01 - 000000219 _____ C:\Users\lilse\Desktop\Counter-Strike Global Offensive.url
2017-12-10 20:12 - 2017-12-14 10:37 - 000001238 _____ C:\Users\lilse\Desktop\List of missing assignments needed to do.txt
2017-12-10 19:13 - 2017-12-10 19:13 - 000000222 _____ C:\Users\lilse\Desktop\Grand Theft Auto V.url
2017-12-10 18:35 - 2017-12-10 18:35 - 000000000 ____D C:\Users\lilse\Desktop\ZenZai
2017-12-10 18:23 - 2017-12-10 18:23 - 000002495 _____ C:\Users\lilse\Desktop\Word 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002494 _____ C:\Users\lilse\Desktop\PowerPoint 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002458 _____ C:\Users\lilse\Desktop\Access 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002457 _____ C:\Users\lilse\Desktop\Excel 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002451 _____ C:\Users\lilse\Desktop\Outlook 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002445 _____ C:\Users\lilse\Desktop\Publisher 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000002437 _____ C:\Users\lilse\Desktop\OneNote 2016.lnk
2017-12-10 18:23 - 2017-12-10 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-10 18:17 - 2017-12-10 18:17 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-08 17:34 - 2017-12-14 16:31 - 000001281 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-12-08 17:33 - 2017-12-14 16:31 - 000000000 ____D C:\Program Files (x86)\obs-studio
2017-12-08 17:16 - 2017-12-12 16:30 - 000000132 _____ C:\Users\lilse\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-12-08 16:39 - 2017-12-10 18:36 - 000000000 ____D C:\Users\lilse\Desktop\Photoshop Social Media Icon Pack
2017-12-08 12:57 - 2017-12-08 17:59 - 000000000 ____D C:\Users\lilse\Documents\Nightbot
2017-12-08 12:57 - 2017-12-08 12:57 - 000002329 _____ C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightbot.lnk
2017-12-08 12:57 - 2017-12-08 12:57 - 000002321 _____ C:\Users\lilse\Desktop\Nightbot.lnk
2017-12-08 12:57 - 2017-12-08 12:57 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Nightbot
2017-12-07 16:14 - 2017-12-07 16:52 - 000000150 _____ C:\Users\lilse\Desktop\TWITCH ALTS.txt
2017-12-07 13:12 - 2017-12-07 13:12 - 000212454 _____ C:\ProgramData\cl.uninstall.1512670282.bdinstall.bin
2017-12-07 13:11 - 2017-12-07 13:11 - 000038190 _____ C:\ProgramData\dm.uninstall.1512670295.bdinstall.bin
2017-12-07 13:11 - 2017-12-07 13:11 - 000022555 _____ C:\ProgramData\agent.uninstall.1512670270.bdinstall.bin
2017-12-07 12:37 - 2017-12-07 12:37 - 000000220 _____ C:\Users\lilse\Desktop\Garry's Mod.url
2017-12-06 20:37 - 2017-12-06 20:38 - 000002621 _____ C:\Users\lilse\AppData\Local\AppVShNotifyt.txt
2017-12-06 20:31 - 2017-12-06 20:38 - 000001778 _____ C:\Users\lilse\AppData\Local\x
2017-12-06 20:31 - 2017-12-06 20:31 - 000002621 _____ C:\Users\lilse\AppData\Local\AppVShNotifytvbs.vbs
2017-12-06 20:31 - 2017-12-06 20:31 - 000001781 _____ C:\Users\lilse\AppData\Local\xx
2017-12-06 20:30 - 2017-12-06 20:38 - 000938008 _____ C:\Users\lilse\AppData\Local\WindowsCodecsRaw.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000041984 _____ C:\Users\lilse\AppData\Local\AppVShNotifyt-t.exe
2017-12-06 20:30 - 2017-12-06 20:38 - 000002584 _____ C:\Users\lilse\AppData\Local\AppVShNotifytvbs.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ C:\Users\lilse\AppData\Local\XXML.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ C:\Users\lilse\AppData\Local\XML.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000000029 _____ C:\Users\lilse\AppData\Local\MCconfig.dll
2017-12-06 18:26 - 2017-12-07 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2017-12-06 18:26 - 2017-12-07 12:58 - 000000000 ____D C:\Program Files\Elgato
2017-12-06 18:26 - 2017-12-06 18:35 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Elgato
2017-12-06 18:26 - 2017-12-06 18:26 - 000000000 ____D C:\Users\lilse\AppData\Local\Elgato
2017-12-06 10:49 - 2017-12-12 16:31 - 000000000 ____D C:\Users\lilse\Desktop\Streaming Stuff
2017-12-06 10:49 - 2017-12-06 10:49 - 000000000 ____D C:\Users\lilse\Desktop\Stream Alerts
2017-12-06 10:47 - 2017-12-06 10:48 - 000002393 _____ C:\Users\lilse\Desktop\Twitch Alerts.lnk
2017-12-06 10:47 - 2017-12-06 10:47 - 000002401 _____ C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2017-12-06 10:47 - 2017-12-06 10:47 - 000000000 ____D C:\Users\lilse\AppData\Roaming\streamlabels
2017-12-05 17:14 - 2017-12-15 12:37 - 000000000 ____D C:\Users\lilse\Desktop\Donation Follow Subscriber Gifs
2017-12-05 13:08 - 2017-12-05 13:08 - 000002221 _____ C:\Users\Public\Desktop\Streamlabs Chatbot.lnk
2017-12-05 13:08 - 2017-12-05 13:08 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Streamlabs
2017-12-05 13:08 - 2017-12-05 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\Roaming\.mono
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\LocalLow\Blizzard Entertainment
2017-12-04 19:16 - 2017-12-04 19:16 - 000000000 ____D C:\ProgramData\.mono
2017-12-04 18:52 - 2017-12-04 18:52 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\Users\lilse\AppData\Local\Blizzard Entertainment
2017-12-04 18:47 - 2017-12-04 19:16 - 000000000 ____D C:\Users\lilse\AppData\Local\Blizzard
2017-12-04 18:47 - 2017-12-04 18:47 - 000000000 ____D C:\ProgramData\Battle.net
2017-12-04 16:50 - 2017-12-16 16:30 - 000000000 ____D C:\Users\lilse\AppData\Roaming\obs-studio
2017-12-04 16:50 - 2017-12-04 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-11-30 20:05 - 2017-12-11 12:46 - 000000087 _____ C:\Users\lilse\Desktop\PC PARTS.txt
2017-11-30 04:50 - 2017-11-30 04:50 - 000000000 ____D C:\Users\lilse\AppData\Local\igfxmtc
2017-11-26 20:25 - 2017-11-26 20:26 - 000000000 ____D C:\ProgramData\Epic
2017-11-26 20:25 - 2017-11-26 20:25 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-11-26 20:25 - 2017-11-26 20:25 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Users\lilse\AppData\Local\UnrealEngineLauncher
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Users\lilse\AppData\Local\EpicGamesLauncher
2017-11-26 20:25 - 2017-11-26 20:25 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-11-24 13:57 - 2017-12-17 19:46 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-23 14:32 - 2017-12-06 16:13 - 000000000 ____D C:\ProgramData\Adobe
2017-11-23 14:32 - 2017-11-28 17:21 - 000000000 ____D C:\Users\lilse\AppData\Local\Adobe
2017-11-23 14:18 - 2017-11-23 14:18 - 000000000 ____D C:\Users\lilse\Documents\VideoCopilot
2017-11-23 14:18 - 2017-11-23 14:18 - 000000000 ____D C:\ProgramData\VideoCopilot
2017-11-23 14:10 - 2017-12-08 13:39 - 000002503 _____ C:\Users\lilse\Desktop\Adobe Photoshop CS6.lnk
2017-11-23 14:10 - 2017-12-07 13:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-23 14:10 - 2017-11-28 17:21 - 000000000 ____D C:\Users\lilse\AppData\LocalLow\Adobe
2017-11-23 14:10 - 2017-11-23 14:10 - 000000040 ___HC C:\5DC9BB388E51
2017-11-19 20:26 - 2017-11-19 20:26 - 000000000 ____D C:\Users\lilse\AppData\Roaming\AnyDesk
2017-11-19 19:49 - 2017-12-15 21:45 - 000000000 ____D C:\Users\lilse\AppData\Roaming\.minecraft
2017-11-19 19:44 - 2017-11-19 19:44 - 000001032 _____ C:\Users\lilse\Desktop\Minecraft.lnk
2017-11-19 19:44 - 2017-11-19 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-11-19 17:54 - 2017-12-17 19:46 - 000000000 ___DC C:\AdwCleaner
2017-11-19 17:47 - 2017-11-19 17:47 - 000009080 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.47.04_log.txt
2017-11-19 17:45 - 2017-11-19 17:46 - 000217076 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.45.15_log.txt
2017-11-19 17:35 - 2017-05-31 11:09 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-19 17:34 - 2017-11-19 17:45 - 000000000 ___DC C:\TDSSKiller_Quarantine
2017-11-19 17:33 - 2017-11-19 17:35 - 000109692 ____C C:\TDSSKiller.3.1.0.15_19.11.2017_17.33.58_log.txt
2017-11-19 17:14 - 2017-11-19 17:14 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-19 15:51 - 2017-11-19 15:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 15:20 - 2017-11-19 15:20 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Synaptics
2017-11-19 15:08 - 2017-11-19 15:08 - 000058993 _____ C:\ProgramData\dm.1511122109.bdinstall.bin
2017-11-19 15:08 - 2017-11-19 15:08 - 000027624 _____ C:\WINDOWS\system32\bddel.exe
2017-11-19 15:07 - 2017-11-19 15:07 - 000400984 _____ C:\ProgramData\cl.1511121925.bdinstall.bin
2017-11-19 15:07 - 2017-11-19 15:07 - 000076787 _____ C:\ProgramData\cl.kit.1511121915.bdinstall.bin
2017-11-19 15:07 - 2017-11-19 15:07 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\szhunaso.sys
2017-11-19 14:58 - 2017-11-19 14:58 - 000034491 _____ C:\ProgramData\agent.update.1511121516.bdinstall.bin
2017-11-19 14:57 - 2017-11-19 14:57 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvrwjqov.sys
2017-11-19 14:55 - 2017-11-21 22:29 - 000000000 ____D C:\Users\lilse\AppData\Local\consmxb
2017-11-19 14:52 - 2017-12-18 10:40 - 000000000 ____D C:\Users\lilse\AppData\Local\upiabxt
2017-11-19 14:52 - 2017-12-18 10:17 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\lmmrpicsvc.exe
2017-11-19 14:52 - 2017-11-19 14:58 - 000000000 ____D C:\Users\lilse\AppData\Local\agnxwdio
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\WINDOWS\SysWOW64\rarcwun
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\WINDOWS\system32\rarcwun
2017-11-19 14:52 - 2017-11-19 14:52 - 000000000 ____D C:\Users\lilse\AppData\Roaming\et
2017-11-19 14:51 - 2017-11-19 15:08 - 000000000 ___HD C:\Program Files (x86)\Unformed
2017-11-19 14:51 - 2017-11-19 14:51 - 000000020 _____ C:\WINDOWS\b32438917
2017-11-19 14:51 - 2017-11-19 14:51 - 000000000 ___HD C:\Program Files (x86)\hofstra
2017-11-19 14:51 - 2017-11-19 14:51 - 000000000 ____D C:\Program Files (x86)\steinhauser
2017-11-19 14:50 - 2017-11-19 15:55 - 000000000 ____D C:\Users\lilse\AppData\Roaming\AGData
2017-11-19 14:37 - 2017-11-09 13:39 - 008693152 _____ (CyberGhost S.A. ) C:\Users\lilse\Desktop\CyberGhost_6.0.8.2959.exe
2017-11-19 10:40 - 2017-11-19 10:40 - 000011264 _____ (Whores) C:\WINDOWS\rakesh.exe
2017-11-18 21:53 - 2017-11-18 21:53 - 000000000 ____D C:\Users\lilse\AppData\Local\FortniteGame
2017-11-18 21:34 - 2017-11-26 20:42 - 000000000 ____D C:\Program Files\Epic Games
2017-11-18 20:54 - 2017-12-11 19:54 - 000000000 ____D C:\Users\lilse\AppData\Local\UnrealEngine
2017-11-18 20:54 - 2017-12-11 11:34 - 000788760 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-11-18 20:54 - 2017-11-18 20:54 - 000000000 ____D C:\Users\lilse\AppData\Roaming\EasyAntiCheat
2017-11-18 20:54 - 2017-11-18 20:54 - 000000000 ____D C:\Users\lilse\AppData\Local\DeadByDaylight
2017-11-18 20:03 - 2017-11-18 20:03 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Steam Crack by iHow
2017-11-18 19:55 - 2017-11-18 19:56 - 000000000 ____D C:\Users\lilse\AppData\Roaming\KeyExtractor
2017-11-18 15:44 - 2017-11-18 20:40 - 000000000 ____D C:\Program Files\Sandboxie
2017-11-18 15:44 - 2017-11-18 20:39 - 000001840 _____ C:\WINDOWS\Sandboxie.ini
2017-11-18 04:22 - 2017-11-18 04:22 - 000000000 ____D C:\Users\lilse\opera autoupdate
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 10:42 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-18 10:26 - 2017-11-17 14:40 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A64DEEBB-0657-4C3D-B42D-4B7C0A8EA3F8}
2017-12-18 10:25 - 2017-11-17 14:46 - 002728918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-18 10:23 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-18 10:23 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-18 10:23 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-18 10:17 - 2017-11-17 14:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-18 10:17 - 2017-10-11 12:52 - 000000000 __SHD C:\Users\lilse\IntelGraphicsProfiles
2017-12-17 23:30 - 2017-09-29 03:45 - 024641536 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-17 23:30 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-17 21:45 - 2017-11-17 14:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 17:29 - 2017-11-03 14:48 - 000000000 ____D C:\temp
2017-12-17 17:24 - 2017-10-20 18:07 - 000000000 ____D C:\Users\lilse\AppData\Roaming\discord
2017-12-17 17:19 - 2017-11-17 14:37 - 000000000 ____D C:\Users\lilse
2017-12-17 16:24 - 2017-10-11 18:02 - 000000000 ____D C:\Users\lilse\AppData\Local\CrashDumps
2017-12-17 15:01 - 2017-11-03 14:38 - 000000000 ____D C:\Users\lilse\AppData\Local\ElevatedDiagnostics
2017-12-16 22:32 - 2017-11-02 16:14 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-16 15:21 - 2017-11-04 15:38 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-12-16 11:46 - 2017-10-27 09:40 - 000001249 _____ C:\Users\lilse\Desktop\nativelog.txt
2017-12-15 13:21 - 2017-11-17 14:37 - 000000000 ____D C:\Users\lilse\AppData\Local\Packages
2017-12-15 12:46 - 2017-10-11 12:54 - 000000000 ____D C:\Users\lilse\AppData\Local\NVIDIA Corporation
2017-12-15 12:43 - 2017-10-11 12:52 - 000000000 ____D C:\Users\lilse\AppData\Local\VirtualStore
2017-12-15 12:43 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-15 12:42 - 2017-11-17 14:40 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:42 - 2017-11-17 14:40 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-15 12:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2017-12-15 12:35 - 2017-10-12 12:38 - 000000000 ____D C:\ProgramData\Oracle
2017-12-15 11:19 - 2017-10-08 09:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-15 11:14 - 2017-11-04 15:38 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Notepad++
2017-12-15 10:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 10:38 - 2017-10-08 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-12-13 19:14 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-12 21:22 - 2017-10-08 09:42 - 000000000 ____D C:\ProgramData\TetServer
2017-12-12 20:06 - 2017-11-17 14:40 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 20:06 - 2017-11-17 14:40 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 19:58 - 2017-11-17 14:33 - 005026400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-11 18:38 - 2017-10-20 18:07 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-11 18:38 - 2017-10-20 18:06 - 000000000 ____D C:\Users\lilse\AppData\Local\SquirrelTemp
2017-12-11 11:37 - 2017-10-12 09:42 - 000000000 ____D C:\Users\lilse\Desktop\Keystone
2017-12-11 10:02 - 2017-10-11 17:49 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-10 18:23 - 2017-10-08 09:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-10 18:23 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-10 18:17 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-07 18:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2017-12-07 13:10 - 2017-10-31 20:08 - 000000000 ____D C:\ProgramData\Razer
2017-12-07 13:10 - 2017-10-31 20:08 - 000000000 ____D C:\Program Files (x86)\Razer
2017-12-07 13:02 - 2017-10-12 16:13 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Easeware
2017-12-06 15:45 - 2017-10-11 13:10 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-05 16:17 - 2017-11-15 15:10 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-12-05 16:17 - 2017-10-08 09:40 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-12-05 16:17 - 2017-10-08 09:40 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-12-03 17:38 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-03 17:38 - 2017-09-29 08:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-03 15:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-28 17:21 - 2017-10-11 12:52 - 000000000 ____D C:\Users\lilse\AppData\Roaming\Adobe
2017-11-21 16:00 - 2017-11-17 14:41 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-11-21 16:00 - 2017-11-17 14:41 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-11-20 13:04 - 2017-10-31 20:09 - 000000000 ____D C:\Users\lilse\AppData\Local\Razer
2017-11-19 20:52 - 2017-11-12 11:57 - 000000000 ____D C:\Users\lilse\Documents\AutomaticSolution Software
2017-11-19 19:45 - 2017-10-18 21:04 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-19 19:04 - 2017-10-28 19:10 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2017-11-19 15:28 - 2017-10-11 12:53 - 000000000 __RDL C:\Users\lilse\OneDrive
2017-11-19 15:20 - 2017-11-04 14:53 - 000000000 ____D C:\Users\lilse\AppData\Local\Opera Software
2017-11-19 15:11 - 2017-10-11 15:52 - 000008635 ____C C:\bdlog.txt
2017-11-19 15:10 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-19 15:10 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-11-19 15:08 - 2017-11-02 13:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-19 14:33 - 2017-11-17 14:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-11-18 15:47 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-18 04:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
 
==================== Files in the root of some directories =======
 
2017-12-08 17:16 - 2017-12-12 16:30 - 000000132 _____ () C:\Users\lilse\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-12-06 20:30 - 2017-12-06 20:38 - 000041984 _____ () C:\Users\lilse\AppData\Local\AppVShNotifyt-t.exe
2017-12-06 20:37 - 2017-12-06 20:38 - 000002621 _____ () C:\Users\lilse\AppData\Local\AppVShNotifyt.txt
2017-12-06 20:30 - 2017-12-06 20:38 - 000002584 _____ () C:\Users\lilse\AppData\Local\AppVShNotifytvbs.txt
2017-12-06 20:31 - 2017-12-06 20:31 - 000002621 _____ () C:\Users\lilse\AppData\Local\AppVShNotifytvbs.vbs
2017-12-06 20:30 - 2017-12-06 20:38 - 000000029 _____ () C:\Users\lilse\AppData\Local\MCconfig.dll
2017-12-06 20:30 - 2017-12-06 20:38 - 000938008 _____ () C:\Users\lilse\AppData\Local\WindowsCodecsRaw.txt
2017-12-06 20:31 - 2017-12-06 20:38 - 000001778 _____ () C:\Users\lilse\AppData\Local\x
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ () C:\Users\lilse\AppData\Local\XML.txt
2017-12-06 20:31 - 2017-12-06 20:31 - 000001781 _____ () C:\Users\lilse\AppData\Local\xx
2017-12-06 20:30 - 2017-12-06 20:38 - 000001684 _____ () C:\Users\lilse\AppData\Local\XXML.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\iaibehko.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-12-15 10:43
 
==================== End of FRST.txt ============================

 

ADDITION:

Ran by lilse (18-12-2017 10:44:21)
Running from C:\Users\lilse\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-17 19:42:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4116991164-3585888819-3333027806-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4116991164-3585888819-3333027806-503 - Limited - Disabled)
Guest (S-1-5-21-4116991164-3585888819-3333027806-501 - Limited - Disabled)
lilse (S-1-5-21-4116991164-3585888819-3333027806-1001 - Administrator - Enabled) => C:\Users\lilse
WDAGUtilityAccount (S-1-5-21-4116991164-3585888819-3333027806-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Alienware Command Center (HKLM\...\{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM\...\{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.) Hidden
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.)
Alienware Sound Center (HKLM-x32\...\{e4a0a2ba-fc24-4749-8397-372b9e0948b5}) (Version: 1.1.6 - Alienware) Hidden
Alienware Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioLaunchpadConfigurator (HKLM\...\{9AFDA363-0B80-4EB2-96C4-8B205DD21FD7}) (Version: 1.1.601 - Alienware) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
CheckDevicesConfigurator (HKLM\...\{7E39F55E-D0D5-4607-9F07-44D9EDFC8BB6}) (Version: 1.1.601 - Alienware) Hidden
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell System Detect (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\d24084d039586cae) (Version: 8.8.0.1 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{C7EE237C-1350-409E-8681-993C74E48757}) (Version: 3.1.1.3834 - Dell Inc.)
Discord (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
EMSC (HKLM-x32\...\InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.5.2 - Kionix, Inc.)
Game Capture HD v1.0.0.1 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 1.0.0.1 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.1.723 - SurfRight B.V.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Killer Ethernet Performance Suite (HKLM\...\{5A8D7377-2BAB-4880-A5FB-B91239BD771C}) (Version: 1.2.1268 - Rivet Networks)
Killer Wireless Drivers (HKLM\...\{76EAE8AA-E399-489C-80BC-A8E73114EF20}) (Version: 1.2.1268 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (HKLM\...\{7B4A3140-8581-44D0-93E5-4E4B18C4A519}) (Version: 1.1.601 - Alienware) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nahimic2UISetup (HKLM\...\{1BE26814-3654-479F-B483-A14D5DD46D35}) (Version: 1.1.601 - Alienware) Hidden
NahimicSettingsConfigurator (HKLM\...\{ECC31226-0322-439C-AE4B-EBB3EB540878}) (Version: 1.1.601 - Alienware) Hidden
Nightbot 0.1.1 (only current user) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\b66ff3d2-8923-5696-ac2e-977beadfec4e) (Version: 0.1.1 - NightDev, LLC)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
ProductDaemonSetup (HKLM\...\{309081B0-ABEF-449E-AACC-C238E6009E8C}) (Version: 1.1.601 - Alienware) Hidden
Python 3.6.3 (32-bit) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\{1bb10b8c-6e63-4897-9fb2-3873ce30d7e1}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Core Interpreter (32-bit) (HKLM-x32\...\{52D39C34-E5F5-41AE-88CD-5DE66C9150B4}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit) (HKLM-x32\...\{F7D9BDE7-2C35-4F7E-AEBE-9F3028451087}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (32-bit) (HKLM-x32\...\{20EB04A7-B5EF-485E-9440-F36214C5501D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit) (HKLM-x32\...\{CA16E2AA-4499-4FE5-A88C-174612920734}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (32-bit) (HKLM-x32\...\{DA64A828-F7A9-4A19-97BD-3A9A63CEB972}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit) (HKLM-x32\...\{14843392-E9B3-4031-BCF6-FC00D5791AA8}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AE89BB1E-1C06-4556-AA05-A6628DE07BA9}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit) (HKLM-x32\...\{63208505-67AD-4AAC-BD7B-00DE5B83BAF0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (32-bit) (HKLM-x32\...\{6CF91DC2-CED3-410B-88BB-E048C994AA1A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Rules of Survival version 1.0.0 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.0.0 - Hong Kong Netease Interactive Entertainment Limited)
SonicMapperConfigurator (HKLM\...\{C3F4C02E-668D-44AB-88D2-F7B28995763D}) (Version: 1.1.601 - Alienware) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.2.8 (only current user) (HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.8 - Streamlabs)
Streamlabs Chatbot version 1.0.2.17 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.17 - Streamlabs)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.59 - Synaptics Incorporated)
Tet Fw Files (HKLM-x32\...\{D7ECC60F-0EDA-4984-91BD-2F2C90A602BA}) (Version: 1.0.0.0 - Tobii AB) Hidden
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Tobii Bundle Requirements (HKLM-x32\...\{0FC6EDE1-E1B6-4AC4-833B-3FBC2871A208}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eula (HKLM-x32\...\{D9EEAE28-8BC2-412B-BF40-6FF6C82F4F41}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eye Tracking (HKLM-x32\...\{def619fe-04aa-47e1-80aa-f1abc3cf15cd}) (Version: 2.10.0.6432 - Tobii AB)
Tobii EyeX (HKLM-x32\...\{B2EA04C5-7D62-49D4-AE5D-32A8E35101AB}) (Version: 1.21.0.8242 - Tobii AB) Hidden
Tobii EyeX Config (HKLM-x32\...\{8AC172FB-3932-4986-A965-368328B7D1FC}) (Version: 4.7.0.942 - Tobii AB) Hidden
Tobii EyeX Interaction (HKLM-x32\...\{C0ABCA5C-E706-4616-8F13-32CB34739B13}) (Version: 2.10.0.4588 - Tobii AB) Hidden
Tobii EyeX Intro (HKLM-x32\...\{AF629577-33D6-4486-B113-3E5FCDE497D0}) (Version: 1.0.3.173 - Moonshot) Hidden
Tobii IS3 Eye Tracker Driver (HKLM-x32\...\{432D9D4E-D79E-4451-BF37-E36174D92E29}) (Version: 2.0.4 - Tobii AB) Hidden
Tobii PTP Filter Driver (HKLM\...\{AB77784C-40BA-4ABD-B7D6-5296773E8B67}) (Version: 1.1.0.75 - Tobii AB) Hidden
Tobii Service (HKLM-x32\...\{454ACCE1-E688-47C5-95A7-BAD66F78AA00}) (Version: 1.21.0.7209 - Tobii AB) Hidden
UIInstallUpgrade (HKLM\...\{782C0CC5-E96A-4136-9F24-DF593B161F1A}) (Version: 1.1.601 - Alienware) Hidden
VR Fw Files (HKLM-x32\...\{AAC4BA55-7772-4519-8BD1-283196AC490A}) (Version: 1.0.0.0 - Tobii AB) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-05] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxDTCM.dll [2017-06-29] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF3D069-D047-4F3F-AB99-BC873585FAE5} - \iusb3mon -> No File <==== ATTENTION
Task: {18E9D43D-CCF0-4D45-9EAB-FA05D231E4B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {24CFA555-C273-4467-8017-DBCC4AE88334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {283A6E3B-F693-4DEA-9B1A-4FC7055CED21} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {2A49EFDA-1E95-4DD4-AE22-D3F8A4DB85CC} - System32\Tasks\AWSoundCenterSvc32Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe [2017-03-10] ()
Task: {32F5C6E0-2D60-485E-A5FD-9206B5C78F51} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-05] (NVIDIA Corporation)
Task: {39B29049-F48A-4841-8787-B63E4806FF08} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-05] (NVIDIA Corporation)
Task: {3D693552-EFBD-4749-9CB0-BC7CFE6C3BC9} - System32\Tasks\Opera scheduled suite Autoupdate 1509825215 => C:\Users\lilse\AppData\Local\Programs\Opera\launcher.exe
Task: {4116B838-B278-421D-828D-396BF8BA8231} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {41EBBF1D-67FB-4434-AF4F-0686E7D698BC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-05] (NVIDIA Corporation)
Task: {5376F194-D572-4914-A072-6E758090C806} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {5500D47A-32B3-4093-B87C-E96198A23E76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {658172FB-FBF1-4845-8EF1-D281695880C4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-10-31] (Bitdefender)
Task: {6A27C887-AB8A-4995-9E30-D18AA935269C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {705CD51F-5AB4-4467-BAC3-2A1F2C0CF9BA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {752F105C-66A2-4643-AA17-0902F7D3F321} - System32\Tasks\AWSoundCenterSvc64Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe [2017-03-10] ()
Task: {75B8DCE9-F4EA-46F2-A2E7-544C48A543D1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-13] (Intel® Corporation)
Task: {7D5CDE72-4AD6-4369-B766-D9A480DE9504} - System32\Tasks\AWSoundCenterUILauncherRun => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [2017-03-10] (A-Volute)
Task: {7D71EEA3-5E82-413D-AC48-A27B88FBD72A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-05] (NVIDIA Corporation)
Task: {7E897419-880F-4ED1-8509-4555AF9BAA29} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {81B38CBF-67B9-44E3-AB87-8DADD921ECEC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {8477C0EF-ED72-4C9D-A28F-17003F566D7D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {85B88ADB-A7C9-4510-AC10-F9BB81207515} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {89BD84FF-0466-4546-8725-1ED69274C623} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {9ABFA738-C271-4019-A7FB-F8E6C9027E4E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-10] ()
Task: {A0F30610-B6E2-4F58-B20D-F539A523DEAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {AD87261B-64B5-49CE-8EE1-F26E01D674EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-10] (Microsoft Corporation)
Task: {B0809D28-BA34-4E71-B6DA-410BD6C4D404} - System32\Tasks\Opera scheduled Autoupdate 1509825211 => C:\Users\lilse\AppData\Local\Programs\Opera\launcher.exe
Task: {B1E4ABDD-4853-4FFC-B123-1ADD6846DA03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {B6900E53-BE79-4F9A-8E79-68B231A7C760} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {C3DAEC3D-43DB-4D5C-815D-D1193BED496F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {C80F9DC8-053F-404B-AFB0-2C286FFDAB09} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {E5043FD8-5EF5-422D-9261-ADCE052B9804} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {F058C156-211C-45DA-8C5E-4BCBE9B5EAD2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
Task: {F3D78FEF-B7BC-478F-BF29-6E26620110A2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-10] ()
Task: {FA39F742-CFA6-4375-8B9D-F25F355AF2EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AWSoundCenterSvc32Run.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe
Task: C:\WINDOWS\Tasks\AWSoundCenterSvc64Run.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe
Task: C:\WINDOWS\Tasks\AWSoundCenterUILauncherRun.job => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-10 07:15 - 2017-03-10 07:15 - 000217272 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll
2017-07-04 03:27 - 2017-07-04 03:27 - 000190208 _____ () C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 17:09 - 2017-07-19 17:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-17 19:00 - 2016-10-17 19:00 - 000107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-17 19:00 - 2016-10-17 19:00 - 000412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-22 10:41 - 2017-05-22 10:41 - 002545088 _____ () C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
2016-11-01 16:18 - 2016-11-01 16:18 - 000253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2017-12-06 15:45 - 2017-12-05 23:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-06 15:45 - 2017-12-05 23:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-11-19 10:40 - 2017-11-19 10:40 - 000073565 _____ () C:\Program Files (x86)\hofstra\aller.exe
2017-03-10 07:12 - 2017-03-10 07:12 - 002365624 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCentersvc32.exe
2017-03-10 07:15 - 2017-03-10 07:15 - 000514744 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCentersvc64.exe
2017-11-17 17:27 - 2017-11-17 17:27 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-11-17 17:27 - 2017-11-17 17:27 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2017-05-19 17:58 - 2017-05-19 17:58 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\plugins\Tobii.EyeX.Controller.Service.Library.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\tecs.hid.dll
2017-05-19 17:58 - 2017-05-19 17:58 - 000191968 _____ () C:\Program Files (x86)\Tobii\Service\tecs.lite.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000430048 _____ () C:\Program Files (x86)\Tobii\Service\tecs.host.dll
2017-05-19 17:57 - 2017-05-19 17:57 - 000161760 _____ () C:\Program Files (x86)\Tobii\Service\libtobii_windll.dll
2017-12-15 12:42 - 2017-12-05 16:17 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-22 10:41 - 2017-05-22 10:41 - 000118528 _____ () C:\Program Files (x86)\Tobii\Service\iframeclientDll.dll
2017-07-10 00:59 - 2017-07-10 00:59 - 001074928 _____ () C:\Program Files (x86)\Tobii\Tobii EyeX\tobii_stream_engine.DLL
2016-12-28 18:06 - 2016-12-28 18:06 - 000127216 _____ () C:\Program Files (x86)\Tobii\Tobii EyeX\tobii_firmware_upgrade.dll
2017-03-10 07:10 - 2017-03-10 07:10 - 000192184 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterDevProps.dll
2017-12-11 18:38 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-11 18:38 - 2017-12-11 18:38 - 001886712 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001773560 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-15 12:42 - 2017-12-05 16:17 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-12-11 18:38 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 18:38 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\lilse\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-10-08 09:31 - 2017-10-08 09:31 - 000939008 _____ () C:\WINDOWS\SYSTEM32\EMSC.dll
2017-12-11 18:38 - 2017-12-11 18:38 - 009802232 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001505784 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-11 18:38 - 2017-12-11 18:38 - 000513016 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-11 18:38 - 2017-12-11 18:38 - 002662904 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-11 18:38 - 2017-12-11 18:38 - 001517048 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-11 18:38 - 2017-12-11 18:38 - 002749944 _____ () \\?\C:\Users\lilse\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-09-22 15:28 - 2017-09-22 15:28 - 000140664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Alienware Update\ServiceTagPlusPlus.dll
2016-11-08 18:40 - 2016-11-08 18:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvrwjqov.sys:changelist [338]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\szhunaso.sys:changelist [472]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\7566D2EB => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93028116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\7566D2EB => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93028116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\AW_EclipseHead_Final_2016.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "DLQLU"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\StartupApproved\StartupFolder: => "stdafx.lnk"
HKU\S-1-5-21-4116991164-3585888819-3333027806-1001\...\StartupApproved\Run: => "segundo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6BDF4D6A-38E1-4263-B1DF-21809C60CD42}] => (Allow) C:\Users\lilse\AppData\Local\Programs\Opera\48.0.2685.52\opera.exe
FirewallRules: [UDP Query User{FE0FFDA3-2C66-4F45-8555-CCC0F5312326}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe
FirewallRules: [TCP Query User{278C4332-7EF6-409C-A272-6C00D36EC3F8}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe
FirewallRules: [UDP Query User{AFD6CB5F-3F47-4803-B8A3-2CF3A800A1C3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{73977995-C341-4068-B227-CA7E450FE6A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{61E534CF-A1AB-41C2-876D-38DFA243CADB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7F684C1E-1F4A-4560-81F1-26438F8FA9CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3C192A26-6095-4E37-B4AF-234190F4DAF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0461189C-9BED-4422-AFCC-2AFC699D4D4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AA367A6-42D5-4902-BA8F-3ECDB0CF7362}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{4D4767C9-5491-4AB0-8B94-FA48D0563F06}C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe] => (Allow) C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe
FirewallRules: [TCP Query User{DE0ECE58-CAFD-4430-8D7B-7B45B9D7030F}C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe] => (Allow) C:\users\lilse\downloads\1760_application_all_windows_fra\setupassistance\fscommand\dlact.exe
FirewallRules: [TCP Query User{E0A34FBE-4F79-4715-8097-C4E0F6CD2203}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{4F0149C4-9C0F-4371-923E-16BC868AE77F}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{0D0B1AF0-96E0-42EF-82B2-9604780C5C3C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{90952B08-0B85-4F96-91F5-2659233DE2C7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{FB905338-EF38-4080-8C3A-1984BBBC3D55}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{AC0AF428-8EA8-4845-8C93-F73A87631DD4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{81DF8141-38D2-44B8-BACD-075A0F6DD0EA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{A04F2A72-FEF9-4BF8-8146-49C5A90CC834}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{3AD7DB6F-BD01-407E-8956-6E4BF14AD002}C:\users\lilse\downloads\anydesk.exe] => (Allow) C:\users\lilse\downloads\anydesk.exe
FirewallRules: [UDP Query User{3B36EB53-01A2-4098-A80C-C378A71A0971}C:\users\lilse\downloads\anydesk.exe] => (Allow) C:\users\lilse\downloads\anydesk.exe
FirewallRules: [TCP Query User{B2BEA60C-AC7E-4A5E-84A7-B8E8C67DA063}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B4DC8DFF-B2F1-4E05-A487-2D3CC73AC19F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{16AC43A2-BD82-48D0-A3C9-0DDD6401EF7C}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{BCB82FE3-D64F-4090-9944-679EAAD9CE2A}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{2FE39C53-9CEA-4A14-9E7B-ACBACB0C0E7A}] => (Allow) C:\Users\lilse\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe
FirewallRules: [{7FB328B9-5911-497C-ADA2-F2B7F38075DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1F38475F-C0D7-4819-82B5-4692FDF4BC39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8CBAC570-FF94-4D59-A86C-C1FB16716C0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{10A015DB-AAA2-420F-8051-40440EBD0911}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{57D2FB10-8CAE-4F97-B6CB-784409649E40}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{6165915B-4C70-49A2-9E10-9C0BEA3E2534}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F8EB7DAC-E219-48CD-80CF-2244561CEF5C}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A9222997-B557-456A-AF8D-90DFD0944575}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3AAAA680-FD79-4B95-8ACE-E6E71357BC8F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0FD2FF50-B9B4-445B-9E4E-7383BF17B6FF}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1D8BA9FB-1BDE-400E-958E-5273B579F48A}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{AC175E10-1123-4DBB-B34D-65340723364A}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7721EF35-48CF-4EE7-AF13-05418FD0D4AC}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{66767337-19D2-49D6-BB9B-88909E59FF2B}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{AE56C0D5-7CFE-4C84-B3AE-F074BA482FF4}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{C76677BC-1F16-4796-B91F-2040D13441E2}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{889B6786-EBBB-4E54-9C14-8A8034CA0FBC}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{A414AFC3-4174-43C7-A401-F65214EF0C69}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{239A7E01-9B00-432C-9300-4D5D3D539616}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{5FF07492-8225-4EF7-894F-E6139ACEC0EC}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
 
==================== Restore Points =========================
 
18-12-2017 10:43:40 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2017 08:07:50 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 20:07:50,657 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:23:59 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:23:59,534 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:23:59 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:23:59,274 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:23:58 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:23:58,931 [7] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:23:58 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:23:58,930 [5] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:00:14 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:00:14,406 [25] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:00:14 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:00:14,126 [25] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:00:13 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:00:13,756 [25] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 07:00:13 PM) (Source: Tobii.Service.exe) (EventID: 0) (User: )
Description: 2017-12-17 19:00:13,756 [4] ERROR Tobii.Update.UpdaterEngine [(null)] - We do not have a certificate for the remote host.
 
Error: (12/17/2017 05:35:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LegacyCsLoaderService.exe, version: 1.9.6.80, time stamp: 0x58059006
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0x40000015
Fault offset: 0x0000000000013fb8
Faulting process id: 0xefc
Faulting application start time: 0x01d37785b6aa526c
Faulting application path: C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: be9947c8-fad9-4712-9443-9709d771e776
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/18/2017 10:44:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/18/2017 10:43:51 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: OS\Device\HarddiskVolumeShadowCopy33
 
Error: (12/18/2017 10:41:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/18/2017 10:38:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517).
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/18/2017 10:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-16 21:38:09.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:09.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:08.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:38:08.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:59.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:58.753
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-12-16 21:37:58.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterOSD.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 16257.03 MB
Available physical RAM: 8942.35 MB
Total Virtual: 32641.03 MB
Available Virtual: 24686.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:103.08 GB) (Free:18.29 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:768.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 5054CE03)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 5054C4E2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 18 December 2017 - 02:04 PM


Hi,

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

#5 morzer

  • Topic Starter

Posted 18 December 2017 - 02:32 PM

.


I believe I attached that right.... if not I will copy and paste it here:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by lilse (18-12-2017 14:28:41) Run:1
Running from C:\Users\lilse\Downloads
Loaded Profiles: lilse (Available Profiles: lilse)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
CldFlt                C:                                        180451     CldFlt                    0     00000007  
CldFlt                \Device\HarddiskVolumeShadowCopy21        180451     CldFlt                    0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              C:                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              D:                                         40500     FileInfo                  0     00000007  
FileInfo              \Device\HarddiskVolumeShadowCopy21         40500     FileInfo                  0     00000007  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000007  
Wof                   C:                                         40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                   D:                                         40700     Wof Instance              0     00000007  
Wof                   \Device\HarddiskVolumeShadowCopy21         40700     Wof Instance              0     00000007  
czlmn                 C:                                         45666     czlmn Instance            0     00000000  
czlmn                 \Device\Mup                                45666     czlmn Instance            0     00000000  
luafv                 C:                                        135000     luafv                     0     00000007  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              D:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              \Device\HarddiskVolumeShadowCopy21         45888     udiskMgr Instance         0     00000000  
udiskMgr              \Device\Mup                                45888     udiskMgr Instance         0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000007  
 
========= End of CMD: =========
 
 
========= dir /a:-d /o:d C:\windows\system32\drivers =========
 
 Volume in drive C is OS
 Volume Serial Number is 76FA-ABF6
 
 Directory of C:\windows\system32\drivers
 
04/21/2016  04:10 AM            27,136 tap0901.sys
06/13/2016  01:04 PM            38,544 kxdiskprot.sys
08/12/2016  08:39 PM            71,232 dptf_acpi.sys
08/12/2016  08:39 PM            66,624 dptf_cpu.sys
08/12/2016  08:40 PM           350,272 esif_lf.sys
08/16/2016  03:09 PM            54,800 HidEventFilter.sys
08/18/2016  06:15 PM            35,216 EMSC.sys
09/13/2016  02:41 PM            59,792 ndisrfl.sys
09/21/2016  12:23 AM            50,312 kiox_ff_driver.sys
09/22/2016  09:40 PM           204,896 TeeDriverW8x64.sys
10/30/2016  07:41 AM            52,240 rzendpt.sys
10/30/2016  07:44 AM            48,144 rzmpos.sys
10/30/2016  07:44 AM           204,824 rzudd.sys
11/08/2016  03:36 PM            18,720 IntelMEFWVer.dll
11/30/2016  06:04 AM         3,792,904 CMUSBDAC.sys
12/21/2016  07:11 PM         3,224,576 rtsuvc.sys
03/23/2017  03:31 AM        10,755,842 RTAIODAT.DAT
03/23/2017  02:58 PM         5,702,144 RTKVHD64.sys
04/16/2017  01:28 AM           605,616 btfilter.sys
04/17/2017  12:57 PM           164,592 e2xw10x64.sys
05/03/2017  12:39 PM             8,124 eeprom_ar6320_3p0_NFA344a.bin
05/03/2017  12:39 PM         1,071,984 qca61x4_2_2.bin
05/03/2017  12:39 PM         2,421,680 Qcamain10x64.sys
05/03/2017  12:39 PM            97,210 Data61x4_2_2.msc
05/04/2017  11:05 PM           123,624 RfeCo10X64.sys
05/18/2017  02:55 AM            68,160 Smb_driver_AMDASF_Aux.sys
05/18/2017  02:55 AM            72,256 Smb_driver_Intel.sys
05/18/2017  02:55 AM            72,256 Smb_driver_Intel_Aux.sys
05/18/2017  02:55 AM            78,912 SynPTPHID_Aux.sys
05/18/2017  02:55 AM           886,336 SynTP.sys
05/18/2017  02:55 AM            66,112 SynRMIHID_Aux.sys
05/31/2017  11:09 AM            77,376 mbae64.sys
06/29/2017  11:46 AM           825,344 IntcDAud.sys
07/11/2017  10:10 AM            39,208 ElgatoVAD.sys
07/19/2017  11:16 AM            45,752 rzpmgrk.sys
07/27/2017  09:52 AM            32,960 DDDriver64Dcsa.sys
07/27/2017  09:52 AM            32,568 DellProf.sys
08/18/2017  05:38 PM           897,544 iaStorA.sys
08/18/2017  05:38 PM            70,664 iaStorAfs.sys
08/19/2017  10:56 AM           139,704 rzpnk.sys
09/11/2017  09:44 PM            37,832 iqvw64e.sys
09/29/2017  08:40 AM            79,360 iaLPSS2i_GPIO2.sys
09/29/2017  08:40 AM           174,592 iaLPSS2i_I2C_BXT_P.sys
09/29/2017  08:40 AM            36,864 iagpio.sys
09/29/2017  08:40 AM            88,576 iaLPSS2i_GPIO2_BXT_P.sys
09/29/2017  08:40 AM           171,520 iaLPSS2i_I2C.sys
09/29/2017  08:40 AM            60,312 CAD.sys
09/29/2017  08:40 AM            91,648 iai2c.sys
09/29/2017  08:40 AM           119,704 pcmcia.sys
09/29/2017  08:40 AM            46,592 hidir.sys
09/29/2017  08:40 AM            49,152 circlass.sys
09/29/2017  08:40 AM           118,680 EhStorTcgDrv.sys
09/29/2017  08:40 AM            86,016 hdaudbus.sys
09/29/2017  08:40 AM            67,584 bthmodem.sys
09/29/2017  08:40 AM           113,152 iaLPSSi_I2C.sys
09/29/2017  08:40 AM            96,768 drmk.sys
09/29/2017  08:40 AM           102,912 usbcir.sys
09/29/2017  08:40 AM            16,224 drmkaud.sys
09/29/2017  08:40 AM           135,168 USBAUDIO.sys
09/29/2017  08:40 AM           379,392 portcls.sys
09/29/2017  08:41 AM            27,136 usbprint.sys
09/29/2017  08:41 AM            38,912 monitor.sys
09/29/2017  08:41 AM           130,640 intelpep.sys
09/29/2017  08:41 AM            38,128 iaLPSSi_GPIO.sys
09/29/2017  08:41 AM            16,896 pnpmem.sys
09/29/2017  08:41 AM           103,936 rhproxy.sys
09/29/2017  08:41 AM            14,336 acpipmi.sys
09/29/2017  08:41 AM           533,912 bxvbda.sys
09/29/2017  08:41 AM         3,419,032 evbda.sys
09/29/2017  08:41 AM           159,744 cdrom.sys
09/29/2017  08:41 AM            20,480 AcpiDev.sys
09/29/2017  08:41 AM           109,976 sbp2port.sys
09/29/2017  08:41 AM           107,416 3ware.sys
09/29/2017  08:41 AM           237,056 1394ohci.sys
09/29/2017  08:41 AM           122,368 capimg.sys
09/29/2017  08:41 AM            83,352 amdsata.sys
09/29/2017  08:41 AM           258,592 amdsbs.sys
09/29/2017  08:41 AM            27,032 amdxata.sys
09/29/2017  08:41 AM           131,992 arcsas.sys
09/29/2017  08:41 AM         1,135,512 adp80xx.sys
09/29/2017  08:41 AM             9,728 bcmfn2.sys
09/29/2017  08:41 AM           103,320 lsi_sas3i.sys
09/29/2017  08:41 AM           108,064 lsi_sas.sys
09/29/2017  08:41 AM           123,800 lsi_sas2i.sys
09/29/2017  08:41 AM            30,720 wacompen.sys
09/29/2017  08:41 AM            63,520 HpSAMD.sys
09/29/2017  08:41 AM            82,840 lsi_sss.sys
09/29/2017  08:41 AM            63,520 MegaSas2i.sys
09/29/2017  08:41 AM            59,800 megasas.sys
09/29/2017  08:41 AM            63,896 mvumis.sys
09/29/2017  08:41 AM           575,896 megasr.sys
09/29/2017  08:41 AM            16,896 MTConfig.sys
09/29/2017  08:41 AM           150,424 nvraid.sys
09/29/2017  08:41 AM            58,776 percsas2i.sys
09/29/2017  08:41 AM           166,296 nvstor.sys
09/29/2017  08:41 AM            81,816 sisraid4.sys
09/29/2017  08:41 AM            44,952 sisraid2.sys
09/29/2017  08:41 AM            61,848 percsas3i.sys
09/29/2017  08:41 AM            31,128 stexstor.sys
09/29/2017  08:41 AM           305,560 VSTXRAID.SYS
09/29/2017  08:41 AM           166,808 vsmraid.sys
09/29/2017  08:41 AM            56,320 umbus.sys
09/29/2017  08:41 AM           357,272 cht4sx64.sys
09/29/2017  08:41 AM           141,208 cht4dx64.sys
09/29/2017  08:41 AM           279,448 msiscsi.sys
09/29/2017  08:41 AM         1,723,288 cht4vx64.sys
09/29/2017  08:41 AM            13,824 errdev.sys
09/29/2017  08:41 AM            32,152 winmad.sys
09/29/2017  08:41 AM            64,920 winverbs.sys
09/29/2017  08:41 AM           108,952 ndfltr.sys
09/29/2017  08:41 AM           842,648 mlx4_bus.sys
09/29/2017  08:41 AM           526,232 ibbus.sys
09/29/2017  08:41 AM            17,920 sfloppy.sys
09/29/2017  08:41 AM            32,768 fdc.sys
09/29/2017  08:41 AM            38,296 hidbatt.sys
09/29/2017  08:41 AM            26,624 flpydisk.sys
09/29/2017  08:41 AM            22,936 isapnp.sys
09/29/2017  08:41 AM            92,056 IPMIDrv.sys
09/29/2017  08:41 AM            18,840 msisadrv.sys
09/29/2017  08:41 AM            38,912 invdimm.sys
09/29/2017  08:41 AM           674,200 iaStorAV.sys
09/29/2017  08:41 AM           412,056 iaStorV.sys
09/29/2017  08:41 AM            53,144 pciidex.sys
09/29/2017  08:41 AM            84,992 serial.sys
09/29/2017  08:41 AM            25,088 serenum.sys
09/29/2017  08:41 AM           149,400 storahci.sys
09/29/2017  08:41 AM            19,352 intelide.sys
09/29/2017  08:41 AM           194,456 ataport.sys
09/29/2017  08:41 AM            28,568 atapi.sys
09/29/2017  08:41 AM            16,280 pciide.sys
09/29/2017  08:41 AM            98,816 parport.sys
09/29/2017  08:41 AM            40,856 mssmbios.sys
09/29/2017  08:41 AM            88,576 nvdimmn.sys
09/29/2017  08:41 AM           100,352 pmem.sys
09/29/2017  08:41 AM           103,320 stornvme.sys
09/29/2017  08:41 AM           118,168 scmbus.sys
09/29/2017  08:41 AM            79,256 uaspstor.sys
09/29/2017  08:41 AM           713,624 vhdmp.sys
09/29/2017  08:41 AM            37,784 bttflt.sys
09/29/2017  08:41 AM            43,008 vnvdimm.sys
09/29/2017  08:41 AM            54,680 vdrvroot.sys
09/29/2017  08:41 AM            18,432 wmiacpi.sys
09/29/2017  08:41 AM           733,592 acpi.sys
09/29/2017  08:41 AM           180,224 amdk8.sys
09/29/2017  08:41 AM           198,656 intelppm.sys
09/29/2017  08:41 AM            58,880 BasicDisplay.sys
09/29/2017  08:41 AM            94,104 disk.sys
09/29/2017  08:41 AM           177,152 processr.sys
09/29/2017  08:41 AM           178,176 amdppm.sys
09/29/2017  08:41 AM            83,864 volmgr.sys
09/29/2017  08:41 AM           571,288 spaceport.sys
09/29/2017  08:41 AM            15,392 volume.sys
09/29/2017  08:41 AM           171,416 spacedump.sys
09/29/2017  08:41 AM            28,568 uefi.sys
09/29/2017  08:41 AM           362,904 pci.sys
09/29/2017  08:41 AM            13,312 acpitime.sys
09/29/2017  08:41 AM            29,696 CmBatt.sys
09/29/2017  08:41 AM            12,800 acpipagr.sys
09/29/2017  08:41 AM           505,240 mausbhost.sys
09/29/2017  08:41 AM            55,840 mausbip.sys
09/29/2017  08:41 AM            39,832 battc.sys
09/29/2017  08:41 AM            71,680 usbser.sys
09/29/2017  08:41 AM            33,176 SDFRd.sys
09/29/2017  08:41 AM            18,328 swenum.sys
09/29/2017  08:41 AM            35,328 TsUsbGD.sys
09/29/2017  08:41 AM             9,216 vms3cap.sys
09/29/2017  08:41 AM            16,896 hyperkbd.sys
09/29/2017  08:41 AM            28,160 HyperVideo.sys
09/29/2017  08:41 AM            25,088 VMBusHID.sys
09/29/2017  08:41 AM            46,592 dmvsc.sys
09/29/2017  08:41 AM            13,312 vmgencounter.sys
09/29/2017  08:41 AM            43,008 RfxVmt.sys
09/29/2017  08:41 AM            64,512 Synth3dVsc.sys
09/29/2017  08:41 AM            75,160 vpci.sys
09/29/2017  08:41 AM           192,512 netvsc.sys
09/29/2017  08:41 AM            47,512 vmstorfl.sys
09/29/2017  08:41 AM           109,976 vmbus.sys
09/29/2017  08:41 AM            39,320 storvsc.sys
09/29/2017  08:41 AM            10,240 vmgid.sys
09/29/2017  08:41 AM            23,040 BtaMPM.sys
09/29/2017  08:41 AM            45,056 BthAvrcpTg.sys
09/29/2017  08:41 AM            31,232 BthhfHid.sys
09/29/2017  08:41 AM           107,008 bthhfenum.sys
09/29/2017  08:41 AM            20,992 genericusbfn.sys
09/29/2017  08:41 AM            27,544 urssynopsys.sys
09/29/2017  08:41 AM            97,312 UfxChipidea.sys
09/29/2017  08:41 AM            28,568 urschipidea.sys
09/29/2017  08:41 AM           129,536 bthpan.sys
09/29/2017  08:41 AM            83,968 bthl2cap.sys
09/29/2017  08:41 AM           189,440 rfcomm.sys
09/29/2017  08:41 AM            78,848 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
09/29/2017  08:41 AM           105,472 bthenum.sys
09/29/2017  08:41 AM           140,696 ufxsynopsys.sys
09/29/2017  08:41 AM            85,504 BTHUSB.SYS
09/29/2017  08:41 AM           114,688 hidbth.sys
09/29/2017  08:41 AM            61,440 dc1-controller.sys
09/29/2017  08:41 AM            46,592 xinputhid.sys
09/29/2017  08:41 AM           281,600 xboxgip.sys
09/29/2017  08:41 AM            45,056 devauthe.sys
09/29/2017  08:41 AM            14,336 umpass.sys
09/29/2017  08:41 AM            63,384 kbdclass.sys
09/29/2017  08:41 AM            40,448 kbdhid.sys
09/29/2017  08:41 AM           187,392 hidclass.sys
09/29/2017  08:41 AM            40,960 hidusb.sys
09/29/2017  08:41 AM            39,424 buttonconverter.sys
09/29/2017  08:41 AM            45,568 hidparse.sys
09/29/2017  08:41 AM            50,584 hidinterrupt.sys
09/29/2017  08:41 AM            52,224 hidi2c.sys
09/29/2017  08:41 AM           105,984 i8042prt.sys
09/29/2017  08:41 AM            95,640 usbehci.sys
09/29/2017  08:41 AM           168,856 usbccgp.sys
09/29/2017  08:41 AM            28,160 sermouse.sys
09/29/2017  08:41 AM            30,720 usbohci.sys
09/29/2017  08:41 AM           454,040 usbport.sys
09/29/2017  08:41 AM            57,240 mouclass.sys
09/29/2017  08:41 AM            32,768 mouhid.sys
09/29/2017  08:41 AM            35,328 usbuhci.sys
09/29/2017  08:41 AM           130,968 USBSTOR.SYS
09/29/2017  08:41 AM           513,944 usbhub.sys
09/29/2017  08:41 AM           437,656 USBXHCI.SYS
09/29/2017  08:41 AM            32,152 usbd.sys
09/29/2017  08:41 AM            92,672 winusb.sys
09/29/2017  08:41 AM           229,272 tpm.sys
09/29/2017  08:41 AM            96,664 sdstor.sys
09/29/2017  08:41 AM            18,000 WindowsTrustedRTProxy.sys
09/29/2017  08:41 AM            49,048 msgpiowin32.sys
09/29/2017  08:41 AM            23,040 kdnic.sys
09/29/2017  08:41 AM            26,112 npsvctrig.sys
09/29/2017  08:41 AM            59,904 rteth.sys
09/29/2017  08:41 AM           225,280 winnat.sys
09/29/2017  08:41 AM           127,896 acpiex.sys
09/29/2017  08:41 AM            28,568 cmimcext.sys
09/29/2017  08:41 AM            26,112 ipt.sys
09/29/2017  08:41 AM            55,808 filecrypt.sys
09/29/2017  08:41 AM            97,688 sdport.sys
09/29/2017  08:41 AM           227,224 Ucx01000.sys
09/29/2017  08:41 AM            39,832 ramdisk.sys
09/29/2017  08:41 AM            34,816 vhf.sys
09/29/2017  08:41 AM            62,976 TsUsbFlt.sys
09/29/2017  08:41 AM           123,288 pdc.sys
09/29/2017  08:41 AM            45,056 Udecx.sys
09/29/2017  08:41 AM            62,872 fsdepends.sys
09/29/2017  08:41 AM           129,432 hvsocket.sys
09/29/2017  08:41 AM            81,304 vmbkmcl.sys
09/29/2017  08:41 AM            31,640 winhv.sys
09/29/2017  08:41 AM            30,104 WpdUpFltr.sys
09/29/2017  08:41 AM           101,888 bowser.sys
09/29/2017  08:41 AM           309,144 WdFilter.sys
09/29/2017  08:41 AM            44,608 WdBoot.sys
09/29/2017  08:41 AM           119,192 WdNisDrv.sys
09/29/2017  08:41 AM            56,728 iorate.sys
09/29/2017  08:41 AM            43,520 mmcss.sys
09/29/2017  08:41 AM            62,464 winhvr.sys
09/29/2017  08:41 AM         3,440,660 gm.dls
09/29/2017  08:41 AM               646 gmreadme.txt
09/29/2017  08:41 AM           124,416 Ndu.sys
09/29/2017  08:41 AM            73,112 hvservice.sys
09/29/2017  08:41 AM         1,007,512 ClipSp.sys
09/29/2017  08:41 AM             8,192 gpuenergydrv.sys
09/29/2017  08:41 AM            56,320 watchdog.sys
09/29/2017  08:41 AM            80,384 vmbkmclr.sys
09/29/2017  08:41 AM           749,976 dxgmms2.sys
09/29/2017  08:41 AM           408,096 dxgmms1.sys
09/29/2017  08:41 AM            75,776 mpsdrv.sys
09/29/2017  08:41 AM           163,736 wfplwfs.sys
09/29/2017  08:41 AM            78,744 CEA.sys
09/29/2017  08:41 AM           169,880 msgpioclx.sys
09/29/2017  08:41 AM           152,984 pacer.sys
09/29/2017  08:41 AM            27,136 mshwnclx.sys
09/29/2017  08:41 AM            79,872 storqosflt.sys
09/29/2017  08:41 AM            32,256 dumpsdport.sys
09/29/2017  08:41 AM            71,248 WindowsTrustedRT.sys
09/29/2017  08:41 AM            81,816 SpbCx.sys
09/29/2017  08:41 AM            39,424 IndirectKmd.sys
09/29/2017  08:41 AM            76,288 wcnfs.sys
09/29/2017  08:41 AM           146,944 UcmTcpciCx.sys
09/29/2017  08:41 AM            74,784 SerCx.sys
09/29/2017  08:41 AM           154,520 SerCx2.sys
09/29/2017  08:41 AM            11,776 mshidumdf.sys
09/29/2017  08:41 AM            39,320 cnghwassist.sys
09/29/2017  08:41 AM             8,704 mshidkmdf.sys
09/29/2017  08:41 AM           214,016 ipnat.sys
09/29/2017  08:41 AM           266,648 ufx01000.sys
09/29/2017  08:41 AM            28,056 tbs.sys
09/29/2017  08:41 AM           384,000 cldflt.sys
09/29/2017  08:41 AM           936,856 refsv1.sys
09/29/2017  08:41 AM            18,432 applockerfltr.sys
09/29/2017  08:41 AM           191,008 appid.sys
09/29/2017  08:41 AM            35,736 wimmount.sys
09/29/2017  08:41 AM            33,792 wdnsfltr.sys
09/29/2017  08:41 AM           354,304 exfat.sys
09/29/2017  08:41 AM         1,849,752 refs.sys
09/29/2017  08:41 AM         1,103,768 http.sys
09/29/2017  08:41 AM            85,400 fileinfo.sys
09/29/2017  08:41 AM           209,304 wof.sys
09/29/2017  08:41 AM           371,608 fastfat.sys
09/29/2017  08:41 AM            36,864 filetrace.sys
09/29/2017  08:41 AM            35,736 Dumpata.sys
09/29/2017  08:41 AM            29,592 hwpolicy.sys
09/29/2017  08:41 AM           225,688 VerifierExt.sys
09/29/2017  08:41 AM           535,960 netio.sys
09/29/2017  08:41 AM            34,200 SleepStudyHelper.sys
09/29/2017  08:41 AM           441,240 FWPKCLNT.SYS
09/29/2017  08:41 AM           165,784 partmgr.sys
09/29/2017  08:41 AM         2,773,400 tcpip.sys
09/29/2017  08:41 AM            44,544 nsiproxy.sys
09/29/2017  08:41 AM           103,320 mountmgr.sys
09/29/2017  08:41 AM           121,240 tdx.sys
09/29/2017  08:41 AM            55,704 condrv.sys
09/29/2017  08:41 AM            65,024 ndisuio.sys
09/29/2017  08:41 AM           403,352 Classpnp.sys
09/29/2017  08:41 AM            20,376 wmilib.sys
09/29/2017  08:41 AM           132,608 NetAdapterCx.sys
09/29/2017  08:41 AM            33,176 WppRecorder.sys
09/29/2017  08:41 AM            85,912 crashdmp.sys
09/29/2017  08:41 AM             7,168 null.sys
09/29/2017  08:41 AM            73,216 npfs.sys
09/29/2017  08:41 AM            31,232 msfs.sys
09/29/2017  08:41 AM            61,664 WdfLdr.sys
09/29/2017  08:41 AM           918,240 Wdf01000.sys
09/29/2017  08:41 AM            93,184 cdfs.sys
09/29/2017  08:41 AM         1,278,872 ndis.sys
09/29/2017  08:41 AM           398,744 fltMgr.sys
09/29/2017  08:41 AM            34,200 fs_rec.sys
09/29/2017  08:41 AM            40,344 tdi.sys
09/29/2017  08:41 AM            53,144 pcw.sys
09/29/2017  08:41 AM           170,904 ksecpkg.sys
09/29/2017  08:41 AM           614,296 afd.sys
09/29/2017  08:41 AM           376,864 msrpc.sys
09/29/2017  08:41 AM            45,464 werkernel.sys
09/29/2017  08:41 AM            38,808 Diskdump.sys
09/29/2017  08:41 AM           151,040 dfsc.sys
09/29/2017  08:41 AM            44,544 videoprt.sys
09/29/2017  08:41 AM           258,560 srvnet.sys
09/29/2017  08:41 AM            25,600 Dumpstorport.sys
09/29/2017  08:41 AM           496,536 mrxsmb.sys
09/29/2017  08:41 AM           123,800 mup.sys
09/29/2017  08:41 AM            15,360 Dmpusbstor.sys
09/29/2017  08:41 AM           373,144 volmgrx.sys
09/29/2017  08:41 AM           128,408 tm.sys
09/29/2017  08:41 AM            65,024 lltdio.sys
09/29/2017  08:41 AM            80,896 rspndr.sys
09/29/2017  08:41 AM           116,736 bridge.sys
09/29/2017  08:41 AM            87,960 EhStorClass.sys
09/29/2017  08:41 AM           394,752 ks.sys
09/29/2017  08:41 AM            33,280 mskssrv.sys
09/29/2017  08:41 AM            10,752 mspclock.sys
09/29/2017  08:41 AM            12,800 mstee.sys
09/29/2017  08:41 AM            10,752 mspqm.sys
09/29/2017  08:41 AM            27,136 ksthunk.sys
09/29/2017  08:41 AM           149,504 rmcast.sys
09/29/2017  08:41 AM           115,200 WUDFPf.sys
09/29/2017  08:41 AM           259,584 WUDFRd.sys
09/29/2017  08:41 AM            19,864 ntosext.sys
09/29/2017  08:41 AM           240,640 ahcache.sys
09/29/2017  08:41 AM           316,928 netbt.sys
09/29/2017  08:41 AM            51,712 tcpipreg.sys
09/29/2017  08:41 AM            21,504 NdisVirtualBus.sys
09/29/2017  08:41 AM           128,000 NdisImPlatform.sys
09/29/2017  08:41 AM            49,152 qwavedrv.sys
09/29/2017  08:41 AM            57,752 netbios.sys
09/29/2017  08:41 AM            84,480 mslldp.sys
09/29/2017  08:41 AM           106,496 tunnel.sys
09/29/2017  08:41 AM            85,504 ipfltdrv.sys
09/29/2017  08:41 AM            17,920 rasacd.sys
09/29/2017  08:41 AM           108,032 agilevpn.sys
09/29/2017  08:41 AM            82,944 raspppoe.sys
09/29/2017  08:41 AM            80,896 wanarp.sys
09/29/2017  08:41 AM            62,464 ndproxy.sys
09/29/2017  08:41 AM            27,136 ndistapi.sys
09/29/2017  08:41 AM           106,496 rasl2tp.sys
09/29/2017  08:41 AM            97,280 raspptp.sys
09/29/2017  08:41 AM            78,336 rassstp.sys
09/29/2017  08:41 AM            28,160 asyncmac.sys
09/29/2017  08:41 AM            23,040 usb8023.sys
09/29/2017  08:41 AM           192,000 ndiswan.sys
09/29/2017  08:42 AM            35,328 RNDISMP.sys
09/29/2017  08:42 AM            31,232 tape.sys
09/29/2017  08:42 AM            23,552 mcd.sys
09/29/2017  08:42 AM            21,504 smclib.sys
09/29/2017  08:42 AM            10,240 beep.sys
09/29/2017  08:42 AM           175,512 scsiport.sys
09/29/2017  08:42 AM            75,264 stream.sys
09/29/2017  08:42 AM            43,008 scfilter.sys
09/29/2017  08:42 AM            13,312 rootmdm.sys
09/29/2017  08:42 AM            42,496 modem.sys
09/29/2017  08:42 AM            50,688 ndiscap.sys
09/29/2017  08:42 AM           323,072 udfs.sys
09/29/2017  08:42 AM           401,304 volsnap.sys
09/29/2017  08:42 AM            23,040 ws2ifsl.sys
09/29/2017  08:42 AM            60,312 bam.sys
09/29/2017  08:42 AM            81,304 dam.sys
09/29/2017  08:42 AM            37,376 USBCAMD2.sys
09/29/2017  08:42 AM           119,808 irda.sys
09/29/2017  08:42 AM           143,872 mrxdav.sys
09/29/2017  08:42 AM           282,520 rdyboost.sys
09/29/2017  08:42 AM            19,968 irenum.sys
09/29/2017  08:42 AM           723,968 PEAuth.sys
09/29/2017  08:42 AM           770,048 WdiWiFi.sys
09/29/2017  08:42 AM            40,448 vwifimp.sys
09/29/2017  08:42 AM            76,800 vwififlt.sys
09/29/2017  08:42 AM            27,136 vwifibus.sys
09/29/2017  08:43 AM           727,448 fvevol.sys
09/29/2017  08:43 AM            91,152 dumpfve.sys
09/29/2017  09:43 AM           182,784 rdpdr.sys
09/29/2017  09:43 AM            30,616 rdpvideominiport.sys
09/29/2017  09:43 AM            56,216 SpatialGraphFilter.sys
09/29/2017  09:43 AM            37,272 terminpt.sys
09/29/2017  09:43 AM            27,136 rdpbus.sys
10/08/2017  09:33 AM                 0 Msft_User_esif_umdf2_02_00_00.Wdf
10/08/2017  09:33 AM                 0 Msft_Kernel_esif_lf_01011.Wdf
10/08/2017  09:34 AM                 0 Msft_Kernel_SynTP_01011.Wdf
10/08/2017  09:34 AM                 0 Msft_Kernel_Smb_driver_Intel_01011.Wdf
10/08/2017  10:07 AM             3,582 1028_Dell_ALI_17R4.mrk
10/18/2017  11:31 AM                 0 Msft_User_WpdMtpDr_01_11_00.Wdf
11/17/2017  02:36 PM            13,850 rtkhdasetting.zip
11/17/2017  05:27 PM            45,464 storufs.sys
11/17/2017  05:27 PM            57,344 UcmUcsi.sys
11/17/2017  05:27 PM           555,416 USBHUB3.SYS
11/17/2017  05:27 PM           285,080 sdbus.sys
11/17/2017  05:27 PM           187,288 dumpsd.sys
11/17/2017  05:27 PM            34,816 BasicRender.sys
11/17/2017  05:27 PM         1,015,296 bthport.sys
11/17/2017  05:27 PM           677,280 cng.sys
11/17/2017  05:27 PM           147,864 wcifs.sys
11/17/2017  05:27 PM           559,512 storport.sys
11/17/2017  05:27 PM           373,656 clfs.sys
11/17/2017  05:27 PM         2,573,208 dxgkrnl.sys
11/17/2017  05:27 PM            60,824 urscx01000.sys
11/17/2017  05:27 PM           114,688 UcmCx.sys
11/17/2017  05:27 PM         2,400,664 ntfs.sys
11/17/2017  05:27 PM           139,672 ksecdd.sys
11/17/2017  05:27 PM           726,016 srv2.sys
11/17/2017  05:27 PM           428,952 rdbss.sys
11/17/2017  05:27 PM           124,928 luafv.sys
11/17/2017  05:27 PM           232,344 mrxsmb20.sys
11/17/2017  05:27 PM           529,408 nwifi.sys
11/19/2017  02:57 PM            72,816 fvrwjqov.sys
11/19/2017  03:07 PM            72,816 szhunaso.sys
11/19/2017  05:14 PM                 0 Msft_User_WpdFs_01_11_00.Wdf
12/05/2017  04:17 PM            57,792 nvvhci.sys
12/05/2017  04:17 PM            50,624 nvvad64v.sys
12/11/2017  11:34 AM           788,760 EasyAntiCheat.sys
12/15/2017  10:59 AM           252,832 4C291220.sys
12/15/2017  11:06 AM           252,832 74D716F6.sys
12/15/2017  12:32 PM           252,832 4FED5937.sys
12/15/2017  12:43 PM           252,832 7B246133.sys
12/15/2017  12:52 PM           252,832 0364683E.sys
12/15/2017  07:45 PM           252,832 0D2924AF.sys
12/16/2017  11:43 AM                20 SMR501.dat
12/16/2017  11:46 AM           252,832 0FBA043B.sys
12/16/2017  03:09 PM           252,832 2ECB1F90.sys
12/16/2017  03:10 PM           255,928 2E57A2BD.sys
12/16/2017  07:28 PM           252,832 7F5E6524.sys
12/16/2017  09:36 PM           252,832 5F5C474A.sys
12/16/2017  10:13 PM           255,928 235D333E.sys
12/17/2017  10:56 AM           252,832 3B842B9F.sys
12/17/2017  02:42 PM           252,832 1CD458E7.sys
12/17/2017  02:57 PM           252,832 7EC663DC.sys
12/17/2017  03:15 PM           255,928 75652321.sys
12/17/2017  04:23 PM           290,528 hmpalert.sys
12/17/2017  04:23 PM            93,800 hmpnet.sys
12/17/2017  04:56 PM           252,832 14063F69.sys
12/17/2017  04:59 PM           255,928 7566D2EB.sys
12/17/2017  05:14 PM           252,832 1D424CD5.sys
12/17/2017  05:18 PM           252,832 71B8500C.sys
12/17/2017  05:23 PM           252,832 11165441.sys
12/17/2017  05:24 PM            55,232 hitmanpro37.sys
12/17/2017  07:23 PM           252,832 3DF2302A.sys
12/17/2017  07:35 PM           252,832 7DD3395C.sys
12/17/2017  07:37 PM           252,832 46B03A65.sys
12/17/2017  07:42 PM           252,832 MBAMSwissArmy.sys
12/17/2017  07:47 PM           255,928 753612DB.sys
12/17/2017  07:52 PM           252,832 2BD14617.sys
12/17/2017  08:05 PM           252,832 5E8B5055.sys
12/17/2017  08:07 PM           252,832 690051BD.sys
12/17/2017  09:31 PM           252,832 46C9118B.sys
12/17/2017  09:47 PM           252,832 46B41E57.sys
12/17/2017  11:30 PM           140,112 iaibehko.sys
12/18/2017  10:17 AM           252,832 59565C12.sys
12/18/2017  10:21 AM           255,928 7763F1EA.sys
12/18/2017  10:37 AM           192,952 mbamchameleon.sys
12/18/2017  10:37 AM           255,928 36230745.sys
             483 File(s)    117,629,470 bytes
               0 Dir(s)  18,842,693,632 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:28:41 ====


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 19 December 2017 - 10:05 AM

Hi,

You'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB. And before connecting your USB on the infected computer, it must be shut down, then you must boot directly in the RE afterwards.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
FRST 64-bit
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.

Boot in the Recovery Environment

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial https://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html on SevenForums.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html TenForums.

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on theHi,

You'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB. And before connecting your USB on the infected computer, it must be shut down, then you must boot directly in the RE afterwards.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
FRST 64-bit
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as wel.

Boot in the Recovery Environment

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial https://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html on SevenForums.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums: https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply



#7 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 19 December 2017 - 10:22 AM

Ok I will get started.


Edited by morzer, 19 December 2017 - 10:24 AM.


#8 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 19 December 2017 - 11:00 AM

File attached, but just in case:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by lilse (19-12-2017 10:56:39) Run:3
Running from e:\
Loaded Profiles: lilse (Available Profiles: lilse)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
AV: COMODO Antivirus (Disabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AS: COMODO Advanced Protection (Disabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
FW: COMODO Firewall (Disabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
COMODO Antivirus (HKLM\...\{01182FCE-8E8E-419F-8745-24236D28F2F9}) (Version: 10.0.2.6396 - COMODO Security Solutions Inc.) Hidden
S4 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10872400 2017-10-30] (COMODO)
S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-10-30] (COMODO)
R1 cmdcss; C:\Windows\system32\drivers\cmdcss.sys [112152 2017-10-20] (COMODO)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2017-10-20] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [849248 2017-10-20] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2017-10-20] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-10-20] (COMODO)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-07] (COMODO)
Task: {080C7001-8A1E-4B53-B677-8DDF86A3C613} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {40EBAA5C-47CB-4311-ACEE-21AC79AD29E8} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2017-10-30] (COMODO)
Task: {6E6E0902-A091-4AE5-A08F-C90280FAE70E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-10-30] (COMODO)
Task: {7D19A181-9092-4858-9146-599B609C2EA7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {BB99BDC8-1993-42AF-ADD3-A3C9B00698F6} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {F50553BF-D66B-4C32-9FBA-8C25E7661518} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
C:\Program Files\COMODO
C:\Windows\system32\drivers\cmdcss.sys
C:\Windows\System32\DRIVERS\cmderd.sys
C:\Windows\System32\DRIVERS\cmdguard.sys
C:\Windows\System32\DRIVERS\cmdhlp.sys
C:\Windows\System32\DRIVERS\inspect.sys
C:\Windows\system32\drivers\isedrv.sys
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\Windows\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921}
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}
C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}
C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}
C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
AV: COMODO Antivirus (Disabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD} => not found
AS: COMODO Advanced Protection (Disabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40} => not found
FW: COMODO Firewall (Disabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01182FCE-8E8E-419F-8745-24236D28F2F9}\\SystemComponent => value not found.
CmdAgent => service not found.
cmdvirth => service not found.
cmdcss => service not found.
cmderd => service not found.
cmdGuard => service not found.
cmdHlp => service not found.
inspect => service not found.
isedrv => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{080C7001-8A1E-4B53-B677-8DDF86A3C613} => could not remove key. ErrorCode1: 0x00000001
C:\WINDOWS\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40EBAA5C-47CB-4311-ACEE-21AC79AD29E8} => key not found
C:\WINDOWS\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E6E0902-A091-4AE5-A08F-C90280FAE70E} => key not found
C:\WINDOWS\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D19A181-9092-4858-9146-599B609C2EA7} => key not found
C:\WINDOWS\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB99BDC8-1993-42AF-ADD3-A3C9B00698F6} => key not found
C:\WINDOWS\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50553BF-D66B-4C32-9FBA-8C25E7661518} => key not found
C:\WINDOWS\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => key not found. 
"C:\Program Files\COMODO" => not found.
"C:\Windows\system32\drivers\cmdcss.sys" => not found.
"C:\Windows\System32\DRIVERS\cmderd.sys" => not found.
"C:\Windows\System32\DRIVERS\cmdguard.sys" => not found.
"C:\Windows\System32\DRIVERS\cmdhlp.sys" => not found.
"C:\Windows\System32\DRIVERS\inspect.sys" => not found.
"C:\Windows\system32\drivers\isedrv.sys" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:56:40 ====
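
A quick way to triage a Fixlog like the one above before reading it line by line, as an added example that is not part of the original posts and is not FRST's own code. The function name triage_fixlog and the expected boot-mode string "Recovery" are assumptions; the sample reuses a few lines of the log posted above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by lilse (19-12-2017 10:56:39) Run:3
Running from e:\
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
Task: {080C7001-8A1E-4B53-B677-8DDF86A3C613} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
C:\Program Files\COMODO
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
CmdAgent => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{080C7001-8A1E-4B53-B677-8DDF86A3C613} => could not remove key. ErrorCode1: 0x00000001
C:\WINDOWS\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => not found.
"C:\Program Files\COMODO" => not found.

The system needed a reboot.

==== End of Fixlog 10:56:40 ====
"""

def triage_fixlog(text, expected_boot_mode="Recovery"):
    """Return the boot mode, per-status counts and the lines that need a look."""
    lines = text.splitlines()
    m = re.search(r"^Boot Mode:\s*(.+)$", text, re.M)
    boot = m.group(1).strip() if m else None
    # The fixlist is echoed between two rows of asterisks and its Task: lines
    # contain "=>" too, so only lines after the second row count as results.
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}\s*", l)]
    results = lines[stars[1] + 1:] if len(stars) >= 2 else lines
    counts, attention = Counter(), []
    for line in results:
        line = line.strip()
        if line.startswith("Error:"):
            attention.append(line)
        elif " => " in line:
            status = line.rsplit(" => ", 1)[1].lower()
            if status.startswith("could not"):
                counts["failed"] += 1
                attention.append(line)
            elif "not found" in status:
                counts["not found"] += 1
            else:
                counts["other"] += 1
    ok = boot is not None and boot.lower().startswith(expected_boot_mode.lower())
    return {"boot_mode": boot, "boot_mode_ok": ok,
            "counts": dict(counts), "attention": attention}

if __name__ == "__main__":
    print(triage_fixlog(SAMPLE_FIXLOG))
```

On the sample, the summary reports that the fix ran in Safe Mode rather than the expected mode and that every entry except one registry key was simply not found.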


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 19 December 2017 - 01:39 PM



Hi,

Farbar was run in Safe Mode

Were you NOT able to Boot in the Recovery Environment as per these instructions?

Boot in the Recovery Environment

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt


If not, try it and continue with my previous instructions.

#10 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 19 December 2017 - 02:50 PM

I saw the safe mode and cmd so I booted into that. I followed your instructions and when I booted into just cmd I entered e:\frst64.exe (my USB is e:) and it says something like the system you are running is not compatible with FRST64.exe, and then I assumed it meant that it had something to do with 64 and 32 bit so I just attempted to install the 32 bit and tried, but it comes up with the same thing.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 20 December 2017 - 08:52 AM

Hi,

You have the correct version of the FRST tool.

My previous instructions were possibly misleading. You should now have the Flash Drive ready with the FRST and Fixlist.txt on it. Go directly to WINDOWS 10 USERS.

You'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB. And before connecting your USB on the infected computer, it must be shut down, then you must boot directly in the Recovery Environment afterwards.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Let's start.

Item(s) required:

USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
FRST 64-bit
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.

Boot in the Recovery Environment WINDOWS 7 USERS. See below for Windows 10.

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial https://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html on SevenForums.

WINDOWS 10 USERS.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Follow the instructions listed in OPTION ONE

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums: https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply.

Post the log or let me know of any error message.

#12 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 20 December 2017 - 11:25 AM

It still comes up with the same error.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 20 December 2017 - 01:56 PM



Hi,

At one point in my fix I asked that you Plug your USB Flash Drive in the infected computer

Reboot the computer normally.

I'm asking you now to repeat the instructions but DO NOT Plug the USB Drive just now.

===

Follow the instructions for WINDOWS 10 USERS

Once in the command prompt
Plug your USB Flash Drive in the infected computer

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply.

Keep me posted.

#14 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 20 December 2017 - 02:28 PM

Hi,

 

I have tried this again. What I was doing wrong is that I did not put the flash drive in my computer when I opened the command prompt; I put it in when the computer was shut off. The difference that happened was that my drive changed to I: on my USB. I am using the frst 64 version and I'm using the command i:\frst64.exe and I have gotten the same error every time. I'm really confused. I'm sorry that I haven't done this right yet... I'm not the greatest with computers. If you notice anything wrong about my process please let me know.



#15 morzer

morzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 20 December 2017 - 03:46 PM

Also, I have noticed a new symptom: ads on my desktop have been happening very frequently. Also when I click on a button in a website, an ad pops up instead of the right link (which most of the time is a fake Microsoft support).





