infected with a polymorphic virus


  • This topic is locked
16 replies to this topic

#1 ryanbozant

Posted 21 May 2018 - 05:24 AM

I need help getting rid of a polymorphic virus. It has infected every computer I own. Encryption, virtual shell, nothing updates, and a gazillion files with weird endings. Antivirus programs only work in sandbox mode and every time the computer is restarted the virus undoes the work I did before restarting. Please help!

Edited by boopme, 24 May 2018 - 10:47 AM.
MOVED to Malware Removal forum


#2 HelpBot

Posted 26 May 2018 - 05:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/677841 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ryanbozant

Posted 31 May 2018 - 09:41 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Aliens (administrator) on DESKTOP-G62600D (31-05-2018 10:36:16)
Running from C:\Users\Aliens\Desktop
Loaded Profiles: Aliens & Administrator (Available Profiles: Aliens & Administrator)
Platform: Windows 10 Pro Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(DESlock Limited.) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHDCPSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Tobii AB) C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
(Microsoft Corporation) C:\Windows\System32\SensorDataService.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484280 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [AWSoundCenterUILauncher] => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [1217208 2016-12-15] (A-Volute)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13856 2017-03-21] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3747256 2016-12-02] (Alienware Corp.)
HKU\S-1-5-21-4247720935-3746245100-2290869119-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4247720935-3746245100-2290869119-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5852920 2018-05-02] (NordVPN)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-04-27]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-05-25] ()
BootExecute: autocheck autochk * sdnclean64.exebddel.exePartizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{2b94c986-a1ab-4680-92c3-323ebcc29f46}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{bbb25e30-772c-409f-87d5-76b4010f62c8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e92abbda-57e7-4539-a200-2f312275d4a2}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4247720935-3746245100-2290869119-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4247720935-3746245100-2290869119-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4247720935-3746245100-2290869119-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKLM -> DefaultScope {97C790A2-FD5A-4BAB-B23E-D9475DCF4230} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b620597&q={searchTerms}
SearchScopes: HKLM -> {97C790A2-FD5A-4BAB-B23E-D9475DCF4230} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b620597&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {97C790A2-FD5A-4BAB-B23E-D9475DCF4230} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b620597&q={searchTerms}
SearchScopes: HKLM-x32 -> {97C790A2-FD5A-4BAB-B23E-D9475DCF4230} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b620597&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4247720935-3746245100-2290869119-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b620597&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default [2018-05-31]
CHR Extension: (Slides) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-25]
CHR Extension: (Docs) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-25]
CHR Extension: (Google Drive) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-25]
CHR Extension: (YouTube) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-25]
CHR Extension: (Sheets) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Gmail) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Aliens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414728 2017-11-08] (Windows ® Win 7 DDK provider)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-05-15] (AVAST Software)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119840 2017-11-03] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [542400 2017-11-02] (DESlock Limited.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [14400 2017-05-01] (Alienware)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-09] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-15] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2193088 2017-05-05] (Rivet Networks)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-04-23] (Malwarebytes)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2018-05-18] (McAfee, Inc.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1966408 2018-05-27] (Overwolf LTD)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [227728 2018-02-28] (Qualcomm Technologies Inc.)
S4 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [451200 2018-05-08] (Razer Inc.)
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943752 2018-04-24] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-11] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [283888 2018-05-15] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-03-23] (Realtek Semiconductor)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2018-05-15] (Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
S4 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
R2 Tobii Service; C:\Program Files (x86)\Tobii\Service\Tobii.Service.exe [198720 2017-07-12] (Tobii AB)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-30] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [70544 2017-11-08] (Qualcomm)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [174152 2018-02-27] (DESlock Ltd.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2017-11-02] (DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2017-11-02] (DESlock Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [165608 2017-10-25] (Qualcomm Atheros, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-04-12] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [35216 2016-08-18] ()
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-08] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-11-09] (Intel Corporation)
R3 kiox_ff_driver; C:\WINDOWS\system32\DRIVERS\kiox_ff_driver.sys [50312 2016-09-21] (Kionix, Inc.)
R0 kxdiskprot; C:\WINDOWS\System32\DRIVERS\kxdiskprot.sys [38544 2016-06-13] (Kionix, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2018-05-18] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [124432 2018-05-18] (McAfee, Inc.)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [129608 2016-08-24] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_b79991c48f5211ac\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-07-27] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 PtpFilterDriver; C:\WINDOWS\System32\drivers\PtpFilterDriver.sys [51840 2016-12-27] ()
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [123624 2017-05-05] (Rivet Networks, LLC.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2016-12-21] (Realtek Semiconductor Corp.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49136 2018-04-15] (Razer Inc)
R3 RzDev_0068; C:\WINDOWS\System32\drivers\RzDev_0068.sys [51184 2018-03-20] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd.)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [151552 2018-01-03] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [52792 2017-12-19] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [53816 2017-12-19] (Synaptics Incorporated)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2017-11-02] (DESlock Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-30] (Microsoft Corporation)
S3 aswMBR; \??\C:\Users\Aliens\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
S3 MFE_RR; \??\C:\Users\Aliens\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 09:59 - 2018-05-27 09:59 - 000173456 _____ (Symantec Corporation) C:\Users\Aliens\Downloads\FixVundo.exe
2018-05-27 08:12 - 2018-05-27 08:12 - 000000000 ____D C:\Users\Aliens\AppData\Local\Fritz und Fertig
2018-05-27 08:11 - 2018-05-27 08:12 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChessBase
2018-05-27 08:11 - 2018-05-27 08:11 - 000002148 _____ C:\Users\Aliens\Desktop\PlayChess.lnk
2018-05-27 08:11 - 2018-05-27 08:11 - 000000000 ____D C:\Program Files (x86)\ChessBase
2018-05-27 08:07 - 2018-05-27 08:11 - 052517424 _____ (ChessBase GmbH) C:\Users\Aliens\Downloads\PlayChessV7Setup.exe
2018-05-27 02:31 - 2018-05-27 02:31 - 000001596 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-05-27 02:31 - 2018-05-27 02:31 - 000001596 _____ C:\ProgramData\Desktop\Razer Synapse.lnk
2018-05-27 01:57 - 2018-05-27 01:57 - 000000492 _____ C:\Users\Aliens\Downloads\Essp.zip
2018-05-27 01:21 - 2018-05-27 01:21 - 000000000 ____D C:\Users\Aliens\Desktop\rkill
2018-05-25 02:55 - 2018-05-25 02:01 - 000000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180525-025545.backup
2018-05-25 02:03 - 2018-05-25 02:03 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6E2303E2.sys
2018-05-25 01:48 - 2018-05-25 01:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7153E75A.sys
2018-05-25 00:10 - 2018-05-25 00:10 - 000000000 ____D C:\Users\Aliens\AppData\Local\DESlock+
2018-05-25 00:00 - 2018-05-25 00:10 - 000000000 ____D C:\Program Files\ESET
2018-05-25 00:00 - 2018-05-25 00:00 - 000001978 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2018-05-25 00:00 - 2018-05-25 00:00 - 000001978 _____ C:\ProgramData\Desktop\ESET Banking & Payment protection.lnk
2018-05-25 00:00 - 2018-05-25 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-05-25 00:00 - 2018-05-25 00:00 - 000000000 ____D C:\ProgramData\ESET
2018-05-24 23:35 - 2018-05-24 23:35 - 000000000 ____D C:\SUPERDelete
2018-05-24 05:20 - 2018-05-25 11:27 - 000000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-05-24 03:55 - 2018-05-24 04:25 - 000000000 ____D C:\ProgramData\RegRun
2018-05-24 03:53 - 2018-05-24 05:05 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-05-24 03:53 - 2018-05-24 04:24 - 000003422 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-05-24 03:53 - 2018-03-21 16:41 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-05-24 03:53 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-05-24 00:36 - 2018-05-24 00:37 - 144242472 _____ (Kaspersky Lab ZAO) C:\Users\Aliens\Downloads\KVRT (1).exe
2018-05-24 00:31 - 2018-05-24 00:31 - 000000000 ____D C:\WINDOWS\SysWOW64\URTTEMP
2018-05-24 00:28 - 2018-05-24 00:28 - 000001662 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-05-21 12:55 - 2018-05-21 12:55 - 000000000 ____D C:\SpybotBootCD
2018-05-21 06:03 - 2018-05-27 02:58 - 000003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-19 06:51 - 2018-05-19 06:51 - 000000000 ____D C:\KVRT_Data
2018-05-19 06:49 - 2018-05-19 06:50 - 143539496 _____ (Kaspersky Lab ZAO) C:\Users\Aliens\Downloads\KVRT.exe
2018-05-19 06:44 - 2018-05-19 06:44 - 004949824 _____ (AO Kaspersky Lab) C:\Users\Aliens\Downloads\tdsskiller.exe
2018-05-18 23:45 - 2018-05-18 23:47 - 000000845 _____ C:\Users\Aliens\Downloads\Stinger_18052018_234546.html
2018-05-18 23:45 - 2018-05-18 23:45 - 000917008 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2018-05-18 23:45 - 2018-05-18 23:45 - 000343544 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2018-05-18 23:45 - 2018-05-18 23:45 - 000124432 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mferkdet.sys
2018-05-18 21:10 - 2018-05-18 23:32 - 000000824 _____ C:\Users\Aliens\Downloads\Stinger_18052018_211059.html
2018-05-18 20:26 - 2018-05-25 11:28 - 000000000 ____D C:\avast! sandbox
2018-05-18 09:54 - 2018-05-18 09:54 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2415D720.sys
2018-05-18 09:09 - 2018-05-18 09:09 - 000046264 _____ C:\WINDOWS\SysWOW64\bddel.dat
2018-05-18 08:37 - 2018-05-18 08:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-05-18 08:36 - 2018-05-30 10:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-05-18 08:36 - 2018-05-25 02:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-05-18 08:36 - 2018-05-24 23:52 - 000001426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-05-18 08:36 - 2018-05-24 00:43 - 000001414 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-05-18 08:36 - 2018-05-24 00:43 - 000001414 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2018-05-18 08:36 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-05-18 08:30 - 2018-05-18 08:30 - 000000000 ____D C:\ProgramData\SUPERSetup
2018-05-18 07:17 - 2018-05-18 07:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-18 07:17 - 2018-05-18 07:17 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-05-18 05:42 - 2018-05-18 05:50 - 000000812 _____ C:\Users\Aliens\Desktop\Stinger_18052018_054220.html
2018-05-18 05:42 - 2018-05-18 05:43 - 000312432 _____ C:\TDSSKiller.3.1.0.17_18.05.2018_05.42.33_log.txt
2018-05-18 05:41 - 2018-05-18 05:41 - 016187703 _____ C:\Users\Aliens\Downloads\stinger64-epo.zip
2018-05-18 05:17 - 2018-05-18 05:17 - 004279416 _____ (ESET) C:\Users\Aliens\Downloads\eset_smart_security_premium_live_installer.exe
2018-05-18 05:16 - 2018-05-18 05:16 - 004279416 _____ (ESET) C:\Users\Aliens\Downloads\eset_internet_security_live_installer.exe
2018-05-18 05:12 - 2018-05-18 05:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\67711397.sys
2018-05-18 02:27 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-17 08:46 - 2018-05-18 23:47 - 000000116 ___RH C:\Users\Aliens\Downloads\Stinger.opt
2018-05-17 08:45 - 2018-05-17 08:46 - 000000808 _____ C:\Users\Aliens\Downloads\Stinger_17052018_084555.html
2018-05-17 08:42 - 2018-05-17 08:42 - 001931088 _____ (Symantec Corporation) C:\Users\Aliens\Downloads\FixTDSS.exe
2018-05-17 08:36 - 2018-05-17 08:36 - 000448512 _____ (OldTimer Tools) C:\Users\Aliens\Desktop\TFC.exe
2018-05-17 08:16 - 2018-05-17 08:41 - 000000815 _____ C:\Users\Aliens\Downloads\Stinger_17052018_081622.html
2018-05-17 08:15 - 2018-05-17 08:16 - 016199720 _____ (McAfee Inc) C:\Users\Aliens\Downloads\stinger64.exe
2018-05-17 08:06 - 2018-05-17 08:07 - 000313252 _____ C:\TDSSKiller.3.1.0.17_17.05.2018_08.06.29_log.txt
2018-05-17 07:36 - 2018-05-17 07:36 - 000001986 _____ C:\Users\Public\Desktop\ChessBase 14 64Bit.lnk
2018-05-17 07:36 - 2018-05-17 07:36 - 000001986 _____ C:\ProgramData\Desktop\ChessBase 14 64Bit.lnk
2018-05-17 07:34 - 2018-05-17 07:34 - 061255680 _____ C:\Users\Aliens\Downloads\ChessBase14Setup_x64 (2).msi
2018-05-17 02:18 - 2018-05-18 05:41 - 000001316 _____ C:\Users\Aliens\Desktop\PkgCatalog.z
2018-05-17 02:03 - 2018-05-18 05:41 - 016199720 _____ (McAfee Inc) C:\Users\Aliens\Desktop\stinger.exe
2018-05-17 02:03 - 2018-05-18 05:41 - 000002540 _____ C:\Users\Aliens\Desktop\STIN_W649001-det.mcs
2018-05-17 02:03 - 2018-05-18 05:41 - 000000553 _____ C:\Users\Aliens\Desktop\stingerc.bat
2018-05-15 11:01 - 2018-05-15 11:02 - 000314042 _____ C:\TDSSKiller.3.1.0.17_15.05.2018_11.01.35_log.txt
2018-05-15 00:54 - 2018-05-15 00:54 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-05-12 10:50 - 2018-05-03 03:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-12 10:50 - 2018-05-03 03:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-12 10:50 - 2018-05-03 03:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-12 10:50 - 2018-05-03 03:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-12 10:50 - 2018-05-03 03:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-12 10:50 - 2018-05-03 03:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-12 10:50 - 2018-05-03 03:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-12 10:50 - 2018-05-03 03:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-12 10:50 - 2018-05-03 03:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-12 10:50 - 2018-05-03 03:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-12 10:50 - 2018-05-03 03:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-12 10:50 - 2018-05-03 03:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-12 10:50 - 2018-05-03 03:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-12 10:50 - 2018-05-03 02:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-12 10:50 - 2018-05-03 02:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-12 10:50 - 2018-05-03 02:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-12 10:50 - 2018-05-03 02:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-12 10:50 - 2018-05-03 02:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-12 10:50 - 2018-05-03 02:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-12 10:50 - 2018-05-03 02:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-12 10:50 - 2018-05-03 02:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-12 10:50 - 2018-05-03 02:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-12 10:50 - 2018-05-03 02:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-12 10:50 - 2018-05-03 02:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-12 10:50 - 2018-05-03 02:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-12 10:50 - 2018-05-03 02:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-12 10:50 - 2018-05-03 02:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-12 10:50 - 2018-05-03 02:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-12 10:50 - 2018-05-03 02:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-12 10:50 - 2018-05-03 02:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-12 10:50 - 2018-05-03 02:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-12 10:50 - 2018-05-03 02:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-12 10:50 - 2018-05-03 02:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-12 10:50 - 2018-05-03 02:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-12 10:50 - 2018-05-03 02:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-12 10:50 - 2018-05-03 02:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-12 10:50 - 2018-05-03 02:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-12 10:50 - 2018-05-03 02:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-12 10:50 - 2018-05-03 02:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-12 10:50 - 2018-05-03 01:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-12 10:50 - 2018-05-03 01:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-12 10:50 - 2018-05-03 01:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-12 10:50 - 2018-05-03 01:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-12 10:50 - 2018-05-03 01:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-12 10:50 - 2018-05-03 01:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-12 10:50 - 2018-05-03 01:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-12 10:50 - 2018-05-03 01:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-12 10:50 - 2018-05-03 01:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-12 10:50 - 2018-05-03 01:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-12 10:50 - 2018-05-03 01:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-12 10:50 - 2018-05-03 01:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-12 10:50 - 2018-05-03 01:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-12 10:50 - 2018-05-03 01:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-12 10:50 - 2018-05-03 01:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-12 10:50 - 2018-05-03 01:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-12 10:50 - 2018-05-03 01:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-12 10:50 - 2018-05-03 01:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-12 10:49 - 2018-05-03 03:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-12 10:49 - 2018-05-03 03:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-12 10:49 - 2018-05-03 03:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-12 10:49 - 2018-05-03 03:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-12 10:49 - 2018-05-03 03:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-12 10:49 - 2018-05-03 03:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-12 10:49 - 2018-05-03 03:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-12 10:49 - 2018-05-03 03:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-12 10:49 - 2018-05-03 03:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-12 10:49 - 2018-05-03 03:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-12 10:49 - 2018-05-03 03:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-12 10:49 - 2018-05-03 03:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-12 10:49 - 2018-05-03 03:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-12 10:49 - 2018-05-03 03:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-12 10:49 - 2018-05-03 03:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-12 10:49 - 2018-05-03 03:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-12 10:49 - 2018-05-03 03:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-12 10:49 - 2018-05-03 03:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-12 10:49 - 2018-05-03 03:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-12 10:49 - 2018-05-03 03:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-12 10:49 - 2018-05-03 03:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-12 10:49 - 2018-05-03 03:36 - 000397728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-12 10:49 - 2018-05-03 03:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-12 10:49 - 2018-05-03 03:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-12 10:49 - 2018-05-03 03:35 - 001628064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-05-12 10:49 - 2018-05-03 03:35 - 000831392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-05-12 10:49 - 2018-05-03 03:35 - 000645536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-12 10:49 - 2018-05-03 03:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-12 10:49 - 2018-05-03 03:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-12 10:49 - 2018-05-03 03:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-12 10:49 - 2018-05-03 03:32 - 000744864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-12 10:49 - 2018-05-03 03:32 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-05-12 10:49 - 2018-05-03 03:32 - 000231328 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-05-12 10:49 - 2018-05-03 03:31 - 001420704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-05-12 10:49 - 2018-05-03 03:30 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-05-12 10:49 - 2018-05-03 03:30 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-12 10:49 - 2018-05-03 03:30 - 000813984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-05-12 10:49 - 2018-05-03 03:30 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-05-12 10:49 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-12 10:49 - 2018-05-03 02:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-12 10:49 - 2018-05-03 02:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-12 10:49 - 2018-05-03 02:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-12 10:49 - 2018-05-03 02:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-12 10:49 - 2018-05-03 02:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-12 10:49 - 2018-05-03 02:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-12 10:49 - 2018-05-03 02:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-12 10:49 - 2018-05-03 02:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-12 10:49 - 2018-05-03 02:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-12 10:49 - 2018-05-03 02:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-12 10:49 - 2018-05-03 02:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-12 10:49 - 2018-05-03 02:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-12 10:49 - 2018-05-03 02:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-12 10:49 - 2018-05-03 02:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-12 10:49 - 2018-05-03 02:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-12 10:49 - 2018-05-03 02:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-12 10:49 - 2018-05-03 02:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-12 10:49 - 2018-05-03 02:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-12 10:49 - 2018-05-03 02:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-12 10:49 - 2018-05-03 02:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-12 10:49 - 2018-05-03 02:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-12 10:49 - 2018-05-03 02:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-12 10:49 - 2018-05-03 02:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-12 10:49 - 2018-05-03 02:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-12 10:49 - 2018-05-03 02:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-12 10:49 - 2018-05-03 02:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-12 10:49 - 2018-05-03 02:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-12 10:49 - 2018-05-03 02:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-12 10:49 - 2018-05-03 02:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-12 10:49 - 2018-05-03 02:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-12 10:49 - 2018-05-03 02:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-12 10:49 - 2018-05-03 02:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-12 10:49 - 2018-05-03 02:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-12 10:49 - 2018-05-03 01:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-12 10:49 - 2018-05-03 01:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-12 10:49 - 2018-05-03 01:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-12 10:49 - 2018-05-03 01:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-12 10:49 - 2018-05-03 01:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-12 10:49 - 2018-05-03 01:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-12 10:49 - 2018-05-03 01:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-12 10:49 - 2018-05-03 01:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-12 10:49 - 2018-05-03 01:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-12 10:49 - 2018-05-03 01:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-12 10:49 - 2018-05-03 01:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-12 10:49 - 2018-05-03 01:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-12 10:49 - 2018-05-03 01:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-07 21:58 - 2018-05-07 21:58 - 000001944 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-05-07 21:58 - 2018-05-07 21:58 - 000001944 _____ C:\ProgramData\Desktop\NordVPN.lnk
2018-05-07 21:57 - 2018-05-07 21:57 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-05-07 21:55 - 2018-05-07 21:55 - 000000210 _____ C:\WINDOWS\SysWOW64\.bat
2018-05-02 23:11 - 2018-05-02 23:11 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1515F68B.sys
2018-05-02 23:01 - 2018-05-02 23:16 - 000000000 ____D C:\Users\Aliens\Downloads\mbar
2018-05-02 22:54 - 2018-05-02 23:07 - 004807926 _____ C:\TDSSKiller.3.1.0.17_02.05.2018_22.54.50_log.txt
2018-05-02 22:48 - 2018-05-03 06:59 - 000000544 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbd84923-0fbd-466b-9bec-68ce57ffdf76.job
2018-05-02 22:48 - 2018-05-03 06:59 - 000000544 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8eea2c9f-ab3f-47e9-bb75-7c8fbe303975.job
2018-05-02 22:48 - 2018-05-02 22:48 - 000003790 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 8eea2c9f-ab3f-47e9-bb75-7c8fbe303975
2018-05-02 22:48 - 2018-05-02 22:48 - 000003708 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task dbd84923-0fbd-466b-9bec-68ce57ffdf76
2018-05-02 22:48 - 2018-05-02 22:48 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\SUPERAntiSpyware.com
2018-05-02 22:47 - 2018-05-17 07:50 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-02 22:47 - 2018-05-02 22:48 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-02 22:47 - 2018-05-02 22:47 - 000001811 _____ C:\Users\Aliens\Desktop\SUPERAntiSpyware Professional.lnk
2018-05-02 22:47 - 2018-05-02 22:47 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-02 22:46 - 2018-05-02 22:47 - 033083288 _____ (SUPERAntiSpyware) C:\Users\Aliens\Downloads\SUPERAntiSpyware.exe
2018-05-02 22:38 - 2018-05-02 22:43 - 000000000 ____D C:\Users\Aliens\Pavark
2018-05-02 22:38 - 2018-05-02 22:38 - 001020640 _____ C:\Users\Aliens\Downloads\antirootkit.exe
2018-05-02 22:16 - 2018-05-02 22:16 - 002997200 _____ C:\Users\Aliens\Downloads\SecurityTaskManager_Setup.exe
2018-05-02 22:16 - 2018-05-02 22:16 - 000001193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2018-05-02 22:16 - 2018-05-02 22:16 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2018-05-02 22:16 - 2018-05-02 22:16 - 000001170 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2018-05-02 22:16 - 2018-05-02 22:16 - 000001170 _____ C:\ProgramData\Desktop\Security Task Manager.lnk
2018-05-02 22:16 - 2018-05-02 22:16 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2018-05-02 22:06 - 2018-05-02 22:06 - 001413856 _____ C:\Users\Aliens\Desktop\Show-Hidden -f.txt
2018-05-02 21:43 - 2018-05-02 21:47 - 003838560 _____ C:\TDSSKiller.3.1.0.17_02.05.2018_21.43.14_log.txt
2018-05-02 21:41 - 2018-05-02 21:42 - 000316502 _____ C:\TDSSKiller.3.1.0.17_02.05.2018_21.41.30_log.txt
2018-05-02 21:40 - 2018-05-02 21:41 - 000316336 _____ C:\TDSSKiller.3.1.0.17_02.05.2018_21.40.35_log.txt
2018-05-02 20:23 - 2018-05-02 20:23 - 007271632 _____ (Malwarebytes) C:\Users\Aliens\Desktop\adwcleaner_7.1.1.exe
2018-05-02 17:38 - 2018-05-02 17:38 - 000000000 ____D C:\Users\Aliens\AppData\Local\Alienware
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 10:37 - 2018-04-24 11:59 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-31 10:37 - 2018-04-19 11:27 - 000023220 _____ C:\Users\Aliens\Desktop\FRST.txt
2018-05-31 10:36 - 2018-04-24 12:02 - 000000000 ____D C:\Users\Aliens\Desktop\FRST-OlderVersion
2018-05-31 10:36 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-31 10:36 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-31 10:36 - 2018-04-19 11:27 - 000000000 ____D C:\FRST
2018-05-31 10:36 - 2018-04-19 11:26 - 002413056 _____ (Farbar) C:\Users\Aliens\Desktop\FRST64.exe
2018-05-31 10:29 - 2018-04-24 18:19 - 000000000 ____D C:\Users\Aliens\AppData\Local\CrashDumps
2018-05-31 10:26 - 2017-11-14 09:05 - 000000594 _____ C:\Users\Aliens\Downloads\Mega Database 2018.ini
2018-05-31 09:27 - 2018-04-24 08:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-30 23:09 - 2018-04-24 11:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-30 12:25 - 2018-04-24 08:07 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-29 10:56 - 2018-01-03 18:56 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-05-28 05:30 - 2018-04-24 11:30 - 000000000 ____D C:\Users\Aliens\AppData\Local\ElevatedDiagnostics
2018-05-27 10:40 - 2018-04-27 19:45 - 000000555 _____ C:\Users\Aliens\Desktop\JRT.txt
2018-05-27 09:47 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-27 09:46 - 2018-03-23 17:10 - 000003386 _____ C:\Users\Aliens\Desktop\Rkill.txt
2018-05-27 08:19 - 2018-04-24 22:27 - 000000000 ____D C:\Users\Aliens\AppData\Local\ChessBase
2018-05-27 08:12 - 2018-04-24 22:27 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\ChessBase
2018-05-27 08:12 - 2018-01-03 18:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-27 07:43 - 2018-04-24 10:56 - 000000000 ____D C:\Users\Aliens\AppData\Local\Packages
2018-05-27 05:14 - 2017-11-13 09:38 - 016234209 _____ C:\Users\Aliens\Downloads\Mega Database 2018.cbtt
2018-05-27 02:31 - 2018-03-19 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-05-27 01:52 - 2018-04-24 11:56 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-25 11:32 - 2018-04-24 08:19 - 001528370 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-25 11:28 - 2018-04-24 08:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-25 03:03 - 2018-04-24 11:56 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-25 02:14 - 2018-04-27 13:46 - 000004284 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
2018-05-25 02:10 - 2018-04-27 19:52 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-05-25 01:53 - 2018-04-27 19:51 - 000000000 ____D C:\Users\Aliens\Desktop\mbar
2018-05-25 00:09 - 2018-04-25 04:05 - 000000000 ____D C:\Users\Aliens\AppData\Local\ESET
2018-05-25 00:03 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\INF
2018-05-25 00:00 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2018-05-24 07:46 - 2018-04-24 18:10 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-24 07:26 - 2018-04-27 18:30 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-24 04:27 - 2018-03-23 14:59 - 000000000 ____D C:\Users\Aliens\Documents\RegRun2
2018-05-24 04:26 - 2018-03-23 14:59 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-05-24 04:26 - 2018-03-23 14:59 - 000000000 ____D C:\ProgramData\Documents\RegRunInfo
2018-05-24 03:58 - 2018-03-23 15:52 - 000000000 ____D C:\@RestoreQuarantine
2018-05-24 03:55 - 2018-04-24 22:27 - 000002132 _____ C:\Users\Public\Desktop\Fritz 16 64Bit.lnk
2018-05-24 03:55 - 2018-04-24 22:27 - 000002132 _____ C:\ProgramData\Desktop\Fritz 16 64Bit.lnk
2018-05-24 02:01 - 2018-03-23 14:58 - 000000000 ____D C:\Users\Aliens\Downloads\unhackme_9.70.0.670
2018-05-24 01:13 - 2018-04-24 18:09 - 000000861 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-05-24 01:13 - 2018-04-24 18:09 - 000000861 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2018-05-24 01:13 - 2018-04-24 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-24 01:13 - 2018-04-24 18:09 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-24 00:45 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-24 00:31 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\Registration
2018-05-24 00:31 - 2018-01-03 18:49 - 001494246 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-05-19 07:36 - 2018-04-24 08:11 - 000000000 ____D C:\Users\Administrator
2018-05-19 07:31 - 2018-01-18 20:35 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STARTUP--
2018-05-18 08:36 - 2018-03-18 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-05-18 07:27 - 2018-04-25 03:20 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 07:27 - 2018-04-25 03:20 - 000002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-18 07:27 - 2018-04-25 03:20 - 000002222 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-05-18 05:51 - 2018-04-24 16:38 - 000000112 ___RH C:\Users\Aliens\Desktop\Stinger.opt
2018-05-18 05:44 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-18 05:40 - 2018-04-24 13:44 - 000000000 ____D C:\Program Files (x86)\stinger
2018-05-18 05:39 - 2018-04-25 05:35 - 000000057 _____ C:\Users\Aliens\Desktop\gmer.bat
2018-05-18 03:48 - 2018-04-25 04:21 - 000080529 _____ C:\Users\Aliens\Downloads\MTB.txt
2018-05-18 02:40 - 2018-04-24 11:56 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-18 02:40 - 2018-04-24 11:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-18 02:27 - 2018-04-24 11:22 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-18 02:27 - 2018-04-24 11:22 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-18 02:21 - 2018-04-25 03:20 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 02:21 - 2018-04-25 03:20 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 02:21 - 2018-04-24 08:11 - 000000000 ____D C:\Users\Aliens
2018-05-18 02:20 - 2018-04-24 11:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-17 07:37 - 2018-04-24 22:26 - 000000000 ____D C:\ProgramData\ChessBase
2018-05-17 07:36 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Common Files\ChessBase
2018-05-17 07:36 - 2018-01-18 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessBase
2018-05-17 07:35 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\ChessBase
2018-05-15 12:54 - 2018-04-24 11:59 - 000000000 ____D C:\WINDOWS\rescache
2018-05-15 00:52 - 2018-01-03 18:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-12 14:19 - 2018-04-24 11:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-12 14:19 - 2018-04-24 11:59 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-12 14:19 - 2018-04-24 11:56 - 000000000 ____D C:\WINDOWS\servicing
2018-05-07 21:58 - 2018-04-24 22:22 - 000000000 ____D C:\Users\Aliens\AppData\Roaming\NordVPN
2018-05-07 21:58 - 2018-04-14 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-05-07 21:53 - 2018-04-24 22:23 - 000000000 ____D C:\Users\Aliens\AppData\Local\NordVPN
2018-05-03 07:03 - 2018-04-24 10:57 - 000002372 _____ C:\Users\Aliens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-02 21:52 - 2018-03-28 02:37 - 001413856 _____ C:\Users\Aliens\Desktop\Show-Hidden.txt
2018-05-02 21:34 - 2018-04-24 12:05 - 000000000 ____D C:\WINDOWS\Panther
2018-05-02 13:49 - 2018-04-24 12:05 - 000000000 ____D C:\Windows.old
2018-05-01 17:25 - 2018-04-24 12:00 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 17:25 - 2018-04-24 12:00 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-23 23:17
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Aliens (31-05-2018 10:37:41)
Running from C:\Users\Aliens\Desktop
Windows 10 Pro Version 1709 16299.431 (X64) (2018-04-24 12:14:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4247720935-3746245100-2290869119-500 - Administrator - Enabled) => C:\Users\Administrator
Aliens (S-1-5-21-4247720935-3746245100-2290869119-1001 - Administrator - Enabled) => C:\Users\Aliens
ASPNET (S-1-5-21-4247720935-3746245100-2290869119-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-4247720935-3746245100-2290869119-503 - Limited - Enabled)
Guest (S-1-5-21-4247720935-3746245100-2290869119-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4247720935-3746245100-2290869119-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security Premium (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET Smart Security Premium (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alienware Command Center (HKLM\...\{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{4A7B5997-A768-4678-9329-00F3A1F2554D}) (Version: 4.7.10.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM\...\{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.) Hidden
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{65A710ED-DB96-4BA8-8B90-116D73D2D647}) (Version: 3.0.13.0 - Dell Inc.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.30 - Alienware Corp.)
Alienware Sound Center (HKLM-x32\...\{e2d19baa-995b-4b46-866b-baaf95c06224}) (Version: 1.1.5 - Alienware) Hidden
Alienware Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
AudioLaunchpadConfigurator (HKLM\...\{3726345E-31B4-4A39-983E-1BCF0104DF75}) (Version: 1.1.501 - Alienware) Hidden
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4840 - AVAST Software)
CheckDevicesConfigurator (HKLM\...\{FD0044F5-AF4F-460B-BF79-6689558721C9}) (Version: 1.1.501 - Alienware) Hidden
ChessBase 14 64-bit (HKLM\...\{AC59D64C-BA1D-49AB-B8C9-D0366A1E7AAE}) (Version: 14.12.0.0 - ChessBase)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{9C32DD4A-3321-4BD5-BD11-C4B18ECE6AE7}) (Version: 3.2.0.4834 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{9ae76d49-72b5-402c-b900-0dc71ab8ebef}) (Version: 3.2.0.4834 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{AB1A407B-E492-4DA1-B024-F96606D1B0B7}) (Version: 3.2.0.4834 - Dell Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
EMSC (HKLM-x32\...\InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.31 - Compal Electronics, Inc.) Hidden
ESET Premium Line Encryption (HKLM\...\{2B31C297-1E0A-4082-B95B-E41B8822FF3D}) (Version: 1.0.14 - ESET) Hidden
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.5.2 - Kionix, Inc.)
Fritz 16 64-bit (HKLM\...\{B4B187D1-3D23-47B8-9CAC-F71B2FE5C14F}) (Version: 16.4.0.0 - ChessBase)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Killer Ethernet Performance Suite (HKLM\...\{5A8D7377-2BAB-4880-A5FB-B91239BD771C}) (Version: 1.2.1268 - Rivet Networks)
Killer Wireless Drivers (HKLM\...\{76EAE8AA-E399-489C-80BC-A8E73114EF20}) (Version: 1.2.1268 - Rivet Networks)
LauncherSetup (HKLM\...\{57EB0016-CE37-4D09-8282-D83133249A0F}) (Version: 1.1.501 - Alienware) Hidden
Malwarebytes version 3.5.0.2508 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.0.2508 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-4247720935-3746245100-2290869119-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4247720935-3746245100-2290869119-500\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Nahimic2UISetup (HKLM\...\{D77F79ED-B98F-4DB9-8498-39C5AD2BE1FD}) (Version: 1.1.501 - Alienware) Hidden
NahimicSettingsConfigurator (HKLM\...\{F88A4367-5097-44EF-8E77-27D801B84B00}) (Version: 1.1.501 - Alienware) Hidden
NordVPN (HKLM-x32\...\{7296DD91-4FC7-47BB-B211-912D9E980FC7}) (Version: 6.13.13 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.13.13) (Version: 6.13.13 - NordVPN)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.115.1.12 - Overwolf Ltd.)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
ProductDaemonSetup (HKLM\...\{0638E5BA-125E-425D-BF01-8A6B0CDBB34E}) (Version: 1.1.501 - Alienware) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.13.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0517.051518 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
RogueKiller version 12.12.18.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.18.0 - Adlice Software)
Security Task Manager 2.1k (HKLM-x32\...\Security Task Manager) (Version: 2.1k - Neuber Software)
SonicMapperConfigurator (HKLM\...\{ED221F20-5D17-4703-8EB4-909DD736DB3E}) (Version: 1.1.501 - Alienware) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Tet Fw Files (HKLM-x32\...\{D7ECC60F-0EDA-4984-91BD-2F2C90A602BA}) (Version: 1.0.0.0 - Tobii AB) Hidden
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Tobii Bundle Requirements (HKLM-x32\...\{0FC6EDE1-E1B6-4AC4-833B-3FBC2871A208}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eula (HKLM-x32\...\{D9EEAE28-8BC2-412B-BF40-6FF6C82F4F41}) (Version: 2.10.0.6432 - Tobii AB) Hidden
Tobii Eye Tracking (HKLM-x32\...\{def619fe-04aa-47e1-80aa-f1abc3cf15cd}) (Version: 2.10.0.6432 - Tobii AB)
Tobii EyeX (HKLM-x32\...\{B2EA04C5-7D62-49D4-AE5D-32A8E35101AB}) (Version: 1.21.0.8242 - Tobii AB) Hidden
Tobii EyeX Config (HKLM-x32\...\{8AC172FB-3932-4986-A965-368328B7D1FC}) (Version: 4.7.0.942 - Tobii AB) Hidden
Tobii EyeX Interaction (HKLM-x32\...\{C0ABCA5C-E706-4616-8F13-32CB34739B13}) (Version: 2.10.0.4588 - Tobii AB) Hidden
Tobii EyeX Intro (HKLM-x32\...\{AF629577-33D6-4486-B113-3E5FCDE497D0}) (Version: 1.0.3.173 - Moonshot) Hidden
Tobii IS3 Eye Tracker Driver (HKLM-x32\...\{432D9D4E-D79E-4451-BF37-E36174D92E29}) (Version: 2.0.4 - Tobii AB) Hidden
Tobii PTP Filter Driver (HKLM\...\{AB77784C-40BA-4ABD-B7D6-5296773E8B67}) (Version: 1.1.0.75 - Tobii AB) Hidden
Tobii Service (HKLM-x32\...\{454ACCE1-E688-47C5-95A7-BAD66F78AA00}) (Version: 1.21.0.7209 - Tobii AB) Hidden
Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
UIInstallUpgrade (HKLM\...\{AC37CB0E-29C5-4B76-A6EC-533D72670523}) (Version: 1.1.501 - Alienware) Hidden
VR Fw Files (HKLM-x32\...\{AAC4BA55-7772-4519-8BD1-283196AC490A}) (Version: 1.0.0.0 - Tobii AB) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices  (06/13/2016 1.1.5.1) (HKLM\...\5627B7BF339E63F3AA7A6C19623784C368E02915) (Version: 06/13/2016 1.1.5.1 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. kxdiskprot DiskDrive  (06/07/2016 1.1.3.7) (HKLM\...\F142B352F2F78EFD9B5E44B41013374C53F9D567) (Version: 06/07/2016 1.1.3.7 - Kionix, Inc.)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4247720935-3746245100-2290869119-1001_Classes\CLSID\{c31ca596-532d-a36f-e223-ce16b9ac70a56}\InprocServer32 -> 0x9F4810095EE2D301A6BD10095EE2D301010000000100000000000000 => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2017-11-02] (DESlock Limited)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-04-23] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki123065.inf_amd64_2f07c50de2875789\igfxDTCM.dll [2017-06-29] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-04-23] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11DD5DD4-173B-4FB9-9150-6F558464651A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {1574ADC2-8840-45A6-B936-53CBAC77DE0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {1A66C4E6-CBA3-4D65-AD42-61F392B03ACF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {29A773DA-458E-48B6-BE9E-DAAB18E3DBE7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E0A5D52-215D-4FB0-832A-FAF3D49AA470} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {3231AFD3-B526-4B6D-9FA8-C92967C4C30B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc.)
Task: {351FE883-2F6A-4A2C-A2E0-676793A20E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {354C6801-BDD9-4B69-87A7-C392DC06A3DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {3EC0A9F2-D11F-4732-A8C4-91CB4F8E936F} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {49388622-4966-4F24-AD10-979DEE95A224} - System32\Tasks\AWSoundCenterUILauncherRun => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterUILauncher.exe [2016-12-15] (A-Volute)
Task: {577FC07B-5FB9-4302-BB8B-63ADD67A1CCB} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {6FD17A0E-3F73-4818-9C27-4277AB9ADFC6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {824E8982-EC31-44CD-AECB-625E33B3B2A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc.)
Task: {89883B06-497F-48B1-9F1B-5CA98C3F8E01} - System32\Tasks\AWSoundCenterSvc64Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterSvc64.exe [2016-12-15] ()
Task: {8D168AFD-D550-4D6C-9A0A-BAEDD4E29FEF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-05-27] (Overwolf LTD)
Task: {8E22EB2A-DFE5-45E0-A35B-606BA3184B65} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {8E56B9CF-72E6-41A9-A2E4-FBA47B81EF09} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {8F145AB3-B78A-4F09-B807-8063144A803A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {93C881BC-D492-4492-9D24-C64607C3EB64} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {9DBE4F3C-93D9-4727-B271-0441895A1720} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-05-15] (AVAST Software)
Task: {A6270285-C9B7-4471-9DB6-594CCE51C33C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {AA41E2EE-EF8A-47C0-9D67-766AB84A4E64} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {AE3F5801-11FF-4776-AF50-FB0601BEAEB5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {BF4968A7-9F38-46F4-B9D5-26EED477B638} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {C6617DB3-A50E-45A5-BA19-AE9E89133DCD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 8eea2c9f-ab3f-47e9-bb75-7c8fbe303975 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CA5D4D67-E43B-43A5-A078-9757D17B605C} - System32\Tasks\AWSoundCenterSvc32Run => C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterSvc32.exe [2016-12-15] ()
Task: {CA6F9538-FDE5-4284-BDA5-F54EB83B43A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {DDC0EDBA-AF8E-4D3B-A671-25A606080F82} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe
Task: {E75BE34B-57CA-4738-9E56-E9767FBAAA1F} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\Administrator\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe [2018-04-24] ()
Task: {F9D3E743-E836-4586-8DCA-B87CB8FD03BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {FD10A0CB-98EA-4278-9841-0DB9069DBA32} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-04-24] (AVAST Software)
Task: {FEC669F7-E2A7-4009-BDC6-CD42862F33D6} - System32\Tasks\SUPERAntiSpyware Scheduled Task dbd84923-0fbd-466b-9bec-68ce57ffdf76 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8eea2c9f-ab3f-47e9-bb75-7c8fbe303975.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbd84923-0fbd-466b-9bec-68ce57ffdf76.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-02 07:49 - 2018-05-02 07:49 - 000430840 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-12-15 10:14 - 2016-12-15 10:14 - 000199864 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\x64\AWSoundCenterDevProps.dll
2017-05-22 12:41 - 2017-05-22 12:41 - 002545088 _____ () C:\Program Files (x86)\Tobii\Service\Tobii Lite Core.exe
2018-05-15 05:30 - 2018-05-15 05:30 - 000283888 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-04-24 14:07 - 2018-03-23 21:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-04-24 08:07 - 2018-03-23 19:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-01-03 18:54 - 2017-10-10 21:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-18 07:27 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-18 07:27 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-02 04:55 - 2018-05-02 04:55 - 000119167 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
2018-05-02 04:55 - 2018-05-02 04:55 - 000217887 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
2018-04-25 07:08 - 2018-04-25 07:08 - 000178176 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.OpenvpnFwHelperPlugin.dll
2018-04-25 07:08 - 2018-04-25 07:08 - 000344576 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.Firewall.dll
2018-04-25 07:08 - 2018-04-25 07:08 - 000254464 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2017-05-19 19:58 - 2017-05-19 19:58 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\plugins\Tobii.EyeX.Controller.Service.Library.dll
2017-05-19 19:57 - 2017-05-19 19:57 - 000430048 _____ () C:\Program Files (x86)\Tobii\Service\tecs.host.dll
2017-05-19 19:58 - 2017-05-19 19:58 - 000191968 _____ () C:\Program Files (x86)\Tobii\Service\tecs.lite.dll
2017-05-19 19:57 - 2017-05-19 19:57 - 000051680 _____ () C:\Program Files (x86)\Tobii\Service\tecs.hid.dll
2017-05-19 19:57 - 2017-05-19 19:57 - 000161760 _____ () C:\Program Files (x86)\Tobii\Service\libtobii_windll.dll
2017-09-22 19:28 - 2017-09-22 19:28 - 000140664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-09-15 00:25 - 2016-09-15 00:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-15 10:10 - 2016-12-15 10:10 - 000174776 _____ () C:\Program Files\Alienware\AWSoundCenter\UserInterface\AWSoundCenterDevProps.dll
2017-05-22 12:41 - 2017-05-22 12:41 - 000118528 _____ () C:\Program Files (x86)\Tobii\Service\iframeclientDll.dll
2018-05-27 02:30 - 2018-05-15 05:27 - 000149744 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-05-27 02:30 - 2018-05-15 05:27 - 000179440 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-05-27 02:31 - 2018-04-30 04:08 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-05-27 02:30 - 2018-05-15 05:27 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-05-27 02:31 - 2018-05-11 20:50 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-05-27 02:30 - 2018-05-15 05:27 - 000129776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-05-27 02:31 - 2018-05-11 20:51 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-05-27 02:30 - 2018-05-11 20:51 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-05-27 02:31 - 2018-05-11 20:51 - 000257776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-05-27 02:30 - 2018-05-15 05:27 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000284400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_Battery.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000569072 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_DeviceStatus.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000283376 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_DriverMode.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000324336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_Lighting.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000148720 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_Mapping.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000560880 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_MappingBaseM.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000513776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_OnboardMem.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000307952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_PollingRate.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000321776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_PowerManagement.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000285424 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_PowerSwitch.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000329456 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_Sensitivity.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000401648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_SurfaceCalBaseM.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_SurfaceCalPixart.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000284400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_Battery.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000321264 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\Rsy3_DedicatedMatPowerIndicator.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000569072 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_DeviceStatus.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000283376 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_DriverMode.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000324336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_Lighting.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000148720 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_Mapping.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000560880 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_MappingBaseM.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000513776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_OnboardMem.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000307952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_PollingRate.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000321776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_PowerManagement.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000285424 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_PowerSwitch.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000329456 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_Sensitivity.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000401648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_SurfaceCalBaseM.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia Mat\Bin\RSy3_SurfaceCalPixart.dll
2018-05-27 02:31 - 2018-04-30 04:28 - 000569072 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-05-27 02:31 - 2018-04-30 04:28 - 000283376 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-05-27 02:31 - 2018-05-08 07:25 - 000049904 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mia\Bin\RSy3_KeyboardKeys.dll
2018-01-03 18:54 - 2017-10-10 21:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-15 17:45 - 2018-05-15 17:47 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-05-15 17:45 - 2018-05-15 17:47 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-05-15 17:45 - 2018-05-15 17:47 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-05-15 17:45 - 2018-05-15 17:47 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-05-15 17:45 - 2018-05-15 17:47 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
2018-01-03 18:54 - 2017-10-10 21:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13925853.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82256961.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13925853.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82256961.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 09:46 - 2018-05-25 02:55 - 000450757 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15463 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4247720935-3746245100-2290869119-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\AW_EclipseHead_Final_2016.jpg
HKU\S-1-5-21-4247720935-3746245100-2290869119-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\dell\AW_EclipseHead_Final_2016.jpg
DNS Servers: 103.86.99.99 - 103.86.96.96
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKU\S-1-5-21-4247720935-3746245100-2290869119-500\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
15-05-2018 10:49:16 JRT Pre-Junkware Removal
17-05-2018 07:35:28 Installed ChessBase 14 64-bit
17-05-2018 11:50:26 JRT Pre-Junkware Removal
18-05-2018 08:31:41 JRT Pre-Junkware Removal
18-05-2018 23:53:27 JRT Pre-Junkware Removal
19-05-2018 03:58:38 JRT Pre-Junkware Removal
19-05-2018 07:08:55 JRT Pre-Junkware Removal
19-05-2018 07:21:36 JRT Pre-Junkware Removal
21-05-2018 05:38:46 JRT Pre-Junkware Removal
21-05-2018 13:18:38 JRT Pre-Junkware Removal
23-05-2018 21:43:13 JRT Pre-Junkware Removal
24-05-2018 06:47:05 JRT Pre-Junkware Removal
25-05-2018 02:13:23 JRT Pre-Junkware Removal
27-05-2018 09:50:07 JRT Pre-Junkware Removal
31-05-2018 10:33:12 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2018 10:29:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChessProgram16.exe, version: 16.12.0.0, time stamp: 0x5afaa201
Faulting module name: SView4.dll, version: 6.8.0.0, time stamp: 0x5afa8873
Exception code: 0xc0000005
Fault offset: 0x0000000000011f58
Faulting process id: 0x142c4
Faulting application start time: 0x01d3f8e33c943185
Faulting application path: C:\Program Files\ChessBase\ChessProgram16\ChessProgram16.exe
Faulting module path: C:\Program Files\ChessBase\ChessProgram16\SView4.dll
Report Id: c1a27b92-8385-4702-b804-ff5c54522b51
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/30/2018 03:16:35 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (05/30/2018 03:16:35 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (05/29/2018 05:36:34 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (05/29/2018 05:36:34 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (05/27/2018 08:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChessProgram16.exe, version: 16.12.0.0, time stamp: 0x5afaa201
Faulting module name: SView4.dll, version: 6.8.0.0, time stamp: 0x5afa8873
Exception code: 0xc0000005
Fault offset: 0x0000000000011f58
Faulting process id: 0x6d10
Faulting application start time: 0x01d3f58acf1cc039
Faulting application path: C:\Program Files\ChessBase\ChessProgram16\ChessProgram16.exe
Faulting module path: C:\Program Files\ChessBase\ChessProgram16\SView4.dll
Report Id: decb54cc-45e8-4121-b986-7329e4e7145f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/27/2018 08:12:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (05/27/2018 08:12:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (05/31/2018 10:38:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
 
Error: (05/31/2018 10:37:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHWD2-Microsoft.MicrosoftSolitaireCollection.
 
Error: (05/31/2018 10:37:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJBH4-Microsoft.Windows.Photos.
 
Error: (05/31/2018 10:37:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: ApplicationSet-CFQ7TTC0K56C-Microsoft.Office.Desktop.
 
Error: (05/31/2018 10:36:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.
 
Error: (05/31/2018 10:36:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJ3PT-MICROSOFT.ZUNEMUSIC.
 
Error: (05/31/2018 10:34:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 10 Version 1709 for x64-based Systems (KB4041994).
 
Error: (05/31/2018 10:30:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJBD8-Microsoft.XboxApp.
 
 
Windows Defender:
===================================
Date: 2018-05-21 13:15:03.352
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.267.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2018-05-21 13:15:03.352
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.267.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2018-05-21 13:15:03.352
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.267.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2018-04-24 18:33:36.947
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.267.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
 
Date: 2018-04-24 14:21:50.298
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.267.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
CodeIntegrity:
===================================
 
Date: 2018-05-31 10:29:19.793
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.790
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.786
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.783
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.779
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.673
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.670
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-05-31 10:29:19.666
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7820HK CPU @ 2.90GHz
Percentage of memory in use: 47%
Total physical RAM: 16253.19 MB
Available physical RAM: 8538 MB
Total Virtual: 17277.19 MB
Available Virtual: 8228.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.6 GB) (Free:116.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:722.69 GB) NTFS
 
\\?\Volume{03ffe169-6e54-42f7-a397-cd3dd9064f9a}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.38 GB) FAT32
\\?\Volume{0c3668ca-5e11-442e-9548-9189998e37e1}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.07 GB) NTFS
\\?\Volume{5c28431a-5dbe-4652-9089-62ae9190b7f5}\ (Image) (Fixed) (Total:12.73 GB) (Free:0.14 GB) NTFS
\\?\Volume{ea98b27b-d6f3-4640-a53b-acf3f7fa99a7}\ (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:0.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0A9D41A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: C0A9CCDF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 ryanbozant

ryanbozant
  • Topic Starter

  • Members
  • 21 posts

Posted 31 May 2018 - 09:44 AM

No Windows CD. My problems range from having a virtual shell running to MBR problems to the Trojan Vundo embedded in my x86 system to being locked out of my appdata folders.


Edited by ryanbozant, 31 May 2018 - 09:45 AM.


#5 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 02 June 2018 - 11:38 PM

Hello,

 

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please give me a little bit to look over the logs you posted, and I will post back here again as soon as I can.

 

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

 

Sincerely,

Sasschary



#6 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 03 June 2018 - 12:59 PM

Hi ryanbozant,

Like I said earlier, my name is Zach, and I will be working with you to get your computer working again.

I will do my best to get your computer up and running as quickly as possible! However, there are a few things which I will need you to do if we want this process to go smoothly:

  • I need your system to stay in the state that it is at the last time I give you instructions. In other words, please do not do anything to your computer unless I have instructed you to do so.
  • If you do not understand an instruction, please stop immediately and tell me what you do not understand.
  • If there is something which seems to be working improperly, please stop and tell me what has happened.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Now that we've got that settled, let's get started...

Currently I am not seeing anything in the logs you gave me which indicates your computer is infected. However, if there is indeed an infection on your system, we'll make sure that we get it taken care of.

It looks like you have multiple AntiVirus programs installed.

It is not a good idea to have multiple antivirus programs installed on one computer, as this can result in conflicts between the two programs. Please choose which of the following programs you would like to continue to use, and then uninstall the other using the instructions below. I suggest keeping ESET Smart Security Premium and removing the other two, as that is a good program, and it also looks like you have a paid subscription to it.

Let's uninstall a few unneeded programs.

  • Right click your start menu, then click Apps and Features.
  • Find the following items in that list, and then, for each item, click Uninstall and follow the instructions on screen to uninstall it.
    • Spybot - Search and Destroy
    • Malwarebytes
    • ESET Smart Security Premium

Also, just so I know, if you could let me know which one you uninstalled, that would be great.

Let's run a fix using FRST.

  • Highlight the contents of the code box below, then press Ctrl + C on your keyboard to copy it. You do not need to paste it anywhere; it need only be in your clipboard.
    cmd: type C:\WINDOWS\SysWOW64\.bat
    VirusTotal: C:\WINDOWS\system32\Notifier.exe
  • From your desktop, right click FRST and click Run as Administrator.
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

In your next reply, please include the following:

  • Which AV program did you uninstall?
  • Fixlog.txt

sasschary


Edited by sasschary, 03 June 2018 - 01:00 PM.


#7 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 06 June 2018 - 10:58 AM

Hi ryanbozant,

 

Are you still with me?

 

Sasschary



#8 ryanbozant

ryanbozant
  • Topic Starter

  • Members
  • 21 posts

Posted 06 June 2018 - 02:08 PM

I am. Sorry for the delay. My wife was recently diagnosed with fibromyalgia so we've been dealing with that. I will get what you need by tomorrow. Thanks for your understanding.

#9 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 09 June 2018 - 06:55 PM

Hi, ryanbozant,

 

I'm sorry to hear about your wife. Have you gotten a chance to work on your computer yet?

 

Sasschary



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts

Posted 11 June 2018 - 08:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts

Posted 13 June 2018 - 02:44 PM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 



#12 ryanbozant

ryanbozant
  • Topic Starter

  • Members
  • 21 posts

Posted 14 June 2018 - 06:08 AM

I kept ESET and I get an error message when I click "fix" in FRST64. Something isn't in the same directory as something else.



#13 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 14 June 2018 - 01:42 PM

Hi ryanbozant,

 

Let's try running the FRST fix a different way.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    cmd: type C:\WINDOWS\SysWOW64\.bat
    VirusTotal: C:\WINDOWS\system32\Notifier.exe
    
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to your desktop.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to run the fixlist.

  • Open a file explorer window to your desktop.
  • Right click on FRST and click Run as Administrator.
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

In your next reply, please include the following:

  • Fixlog.txt

sasschary



#14 ryanbozant

ryanbozant
  • Topic Starter

  • Members
  • 21 posts

Posted 14 June 2018 - 02:05 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Aliens (14-06-2018 15:04:46) Run:1
Running from C:\Users\Aliens\Desktop
Loaded Profiles: Aliens & Administrator (Available Profiles: Aliens & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: type C:\WINDOWS\SysWOW64\.bat
VirusTotal: C:\WINDOWS\system32\Notifier.exe
*****************
 
 
========= type C:\WINDOWS\SysWOW64\.bat =========
 
 
========= End of CMD: =========
 
"VirusTotal: C:\WINDOWS\system32\Notifier.exe" => not found
 
==== End of Fixlog 15:04:46 ====


#15 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts

Posted 17 June 2018 - 11:59 AM

Hi ryanbozant,


I'm not seeing anything malicious on your system.  There is nothing to worry about in the GMER screenshot you sent. The MBR code doesn't necessarily mean that anything is malicious, and the other two files are legitimate files for programs on your system. The csrss.exe file is part of Windows and the Client Server Runtime Process, and pwdspio.sys is a driver for the MiniTool Partition Wizard. As I said, I don't see anything malicious on your system, so, let's run one more scan, although I don't suspect that it should find much of anything.

Let's run a scan using AdwCleaner

Before running this software, please save and close anything which you have open, as AdwCleaner will likely force everything to close.

  • Download AdwCleaner from here and save it to your desktop.
  • On your desktop, right click AdwCleaner and click Run as Administrator.
  • If a User Account Control dialog box appears, click Yes to allow AdwCleaner to run.
  • When AdwCleaner opens, click Scan.
  • After the scan has completed, if any threats are found, click the Clean button. Otherwise, just tell me AdwCleaner found no threats and skip down to the next section.
  • AdwCleaner will ask you to save your data and close your programs. Once you have done so, click OK to continue.
  • Once AdwCleaner has completed the cleaning process, it will ask you to restart your computer. Click OK to allow AdwCleaner to restart your system.
  • Once your system has rebooted, a notepad window should appear. Please copy and paste its contents into your next reply.

In your next reply, please include the following:

  • AdwCleaner.txt

sasschary





