Alienware Recovery Disk For Internet Explorer
There are ads everywhere on Google Chrome and Internet Explorer and even on Steam! I wanted to restore my X51 back to its factory state. I had AlienRespawn and couldn't create a factory recovery media because it was not detecting my SanDisk USB flash drive so I went out and bought.
Hi,
My Alienware computer was infected so I restored from the factory OS setting from Alienware. I'm worried that my factory OS images were tampered with. When I ran FRST it generated the FRST.txt and Addition.txt files but no Fixlist.txt?
Here are my logs. I did disable Wifi btw:
FRST
Ran by Khaine (administrator) on DESKTOP-S1B6RDF (18-11-2018 18:08:31)
Running from C:UsersKhaineDesktop
Loaded Profiles: Khaine (Available Profiles: Khaine)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplay.NvContainerNVDisplay.Container.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkAudioService64.exe
(Windows ® Win 7 DDK provider) C:WindowsSystem32driversAdminService.exe
(Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryki123931.inf_amd64_750ee5716ca7ceccIntelCpHDCPSvc.exe
(Alienware) C:Program FilesAlienwareCommand CenterThermalsWindowsService.exe
(Rivet Networks) C:Program FilesKiller NetworkingKiller Control CenterKillerNetworkService.exe
(Intel Corporation) C:Program FilesIntelIntel® Ready Mode TechnologyIRMTService.exe
(Microsoft Corporation) C:Program FilesWindows DefenderMsMpEng.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNvTelemetryNvTelemetryContainer.exe
(Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryki123931.inf_amd64_750ee5716ca7ceccIntelCpHeciSvc.exe
(Microsoft Corporation) C:Program FilesWindows DefenderNisSrv.exe
(Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Alienware) C:Program FilesAlienwareCommand CenterAlienFusionService.exe
(Alienware) C:Program FilesAlienwareCommand CenterAlienFXWindowsService.exe
(Intel® Corporation) C:Program Files (x86)IntelIntel® Extreme Tuning UtilityXtuService.exe
(Dell Inc.) C:Program FilesDellSARemediationagentDellSupportAssistRemedationService.exe
(Dell Products, LP.) C:Program Files (x86)Dell Digital DeliveryDeliveryService.exe
(Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe
(Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe
(Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe
() C:Program FilesAlienwareOCControlsOCControlsWindowsService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplay.NvContainerNVDisplay.Container.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryki123931.inf_amd64_750ee5716ca7ceccigfxEM.exe
(Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdge.exe
(Microsoft Corporation) C:WindowsSystem32browser_broker.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
(Alienware) C:Program FilesAlienwareCommand CenterAlienFusionController.exe
(Microsoft Corporation) C:Program FilesWindows DefenderMSASCuiL.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Rivet Networks) C:Program FilesKiller NetworkingKiller Control CenterKillerControlCenter.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
() C:WindowsSystem32Windows.WARP.JITService.exe
(Dell Inc.) C:Program FilesDellSupportAssistAgentbinSupportAssistAgent.exe
(Alienware) C:Program FilesAlienwareCommand CenterAWCCServiceController.exe
(Alienware) C:Program FilesAlienwareCommand CenterThermalController.exe
(Alienware) C:Program FilesAlienwareCommand CenterAlienwareAlienFXController.exe
(Alienware) C:Program FilesAlienwareCommand CenterAWCCApplicationWatcher32.exe
(Alienware) C:Program FilesAlienwareCommand CenterAWCCApplicationWatcher64.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Dell Inc.) C:Program FilesDellDellDataVaultDDVRulesProcessor.exe
(Dell Inc.) C:Program FilesDellDellDataVaultDDVDataCollector.exe
(Dell Inc.) C:Program FilesDellDellDataVaultDDVCollectorSvcApi.exe
(PC-Doctor, Inc.) C:Program FilesDellSupportAssistAgentPCDrSupportAssist6.0.6992.1382DSAPI.exe
(PC-Doctor, Inc.) C:Program FilesDellSupportAssistAgentPCDrSupportAssist6.0.6992.1382pcdrwi.exe
(Dell Inc.) C:Program FilesDellDellDataVaultnvapiw.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
() C:WindowsSystem32Windows.WARP.JITService.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
() C:WindowsSystem32Windows.WARP.JITService.exe
(Microsoft Corporation) C:WindowsWinSxSamd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8eTiWorker.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweMicrosoftEdgeCP.exe
(Malwarebytes) C:UsersKhaineAppDataLocalPackagesMicrosoft.MicrosoftEdge_8wekyb3d8bbweTempStateDownloadsadwcleaner_7.2.4.0.exe
(Microsoft Corporation) C:WindowsSystem32rundll32.exe
(Microsoft Corporation) C:WindowsSystem32SrTasks.exe
(Microsoft Corporation) C:WindowsSoftwareDistributionDownloadInstallWindows-KB890830-x64-V5.66.exe
(Microsoft Corporation) C:WindowsSystem32MRT.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Corporation) C:WindowsSysWOW64dllhost.exe
(Microsoft Corporation) C:WindowsSysWOW64dllhost.exe
HKLM...Run: [ShadowPlay] => 'C:Windowssystem32rundll32.exe' C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
HKLM...Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [321096 2017-07-25] (Intel Corporation)
HKLM...Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [9235944 2017-09-06] (Realtek Semiconductor)
HKLM...Run: [RtHDVBg_PushButton] => C:Program FilesRealtekAudioHDARAVBg64.exe [1493992 2017-09-06] (Realtek Semiconductor)
HKLM...Run: [] => [X]
HKLM...Run: [AlienwareMobileConnectWelcome] => C:Program FilesAlienwareAlienwareMobileConnectDriversAlienwareMobileConnectWelcome.exe [228872 2017-11-06] (Screenovate Technologies Ltd.)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupKiller Control Center.lnk [2018-03-13]
ShortcutTarget: Killer Control Center.lnk -> C:Program FilesKiller NetworkingKiller Control CenterKillerControlCenter.exe (Rivet Networks)
Tcpip..Interfaces{a6b87886-51b0-462e-abe7-617b46256cfb}: [DhcpNameServer] 10.0.0.1
HKUS-1-5-21-622146817-2833490119-1229763320-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKUS-1-5-21-622146817-2833490119-1229763320-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKUS-1-5-21-622146817-2833490119-1229763320-1001SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
FF Plugin-x32: @nvidia.com/3DVision -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll [2017-10-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2017-10-09] (NVIDIA Corporation)
R2 AlienFXWindowsService; C:Program FilesAlienwareCommand CenterAlienFXWindowsService.exe [14880 2017-09-01] (Alienware)
R2 AtherosSvc; C:Windowssystem32DRIVERSAdminService.exe [414728 2017-11-09] (Windows ® Win 7 DDK provider)
R2 DDVCollectorSvcApi; C:Program FilesDellDellDataVaultDDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
R2 DDVDataCollector; C:Program FilesDellDellDataVaultDDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:Program FilesDellDellDataVaultDDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
R2 Dell Hardware Support; C:Program FilesDellSupportAssistAgentPCDrSupportAssist6.0.6992.1382DSAPI.exe [1002816 2018-11-18] (PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:Program FilesDellSARemediationagentDellSupportAssistRemedationService.exe [119840 2017-11-03] (Dell Inc.)
S2 DellUpdate; C:Program Files (x86)Alienware UpdateDellUpService.exe [232296 2017-09-14] (Dell Inc.)
S3 iaStorAfsService; C:WindowsIAStorAfsServiceiaStorAfsService.exe [2414264 2017-07-26] (Intel Corporation)
R2 IAStorDataMgrSvc; C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [17992 2017-07-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:Program FilesIntelIntel® Management Engine ComponentsiCLSSocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:Program FilesIntelIntel® Management Engine ComponentsiCLSTPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S3 ioloEnergyBooster; C:Program FilesAlienwareCommand CenterioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 IRMTService; C:Program FilesIntelIntel® Ready Mode TechnologyIRMTService.exe [183424 2017-08-08] (Intel Corporation)
R2 jhi_service; C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 Killer Network Service x64; C:Program FilesKiller NetworkingKiller Control CenterKillerNetworkService.exe [2197184 2017-09-21] (Rivet Networks)
R2 OCControlsWindowsService; C:Program FilesAlienwareOCControlsOCControlsWindowsService.exe [17432 2017-09-04] ()
R2 RtkAudioService; C:Program FilesRealtekAudioHDARtkAudioService64.exe [324584 2017-09-06] (Realtek Semiconductor)
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [4329952 2018-03-13] (Microsoft Corporation)
R2 SupportAssistAgent; C:Program FilesDellSupportAssistAgentbinSupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 ThermalsWindowsService; C:Program FilesAlienwareCommand CenterThermalsWindowsService.exe [14368 2017-09-01] (Alienware)
R3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 XTU3SERVICE; C:Program Files (x86)IntelIntel® Extreme Tuning UtilityXtuService.exe [18264 2017-08-04] (Intel® Corporation)
S3 NvContainerLocalSystem; 'C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe' -s NvContainerLocalSystem -a -f 'C:ProgramDataNVIDIANvContainerLocalSystem.log' -l 3 -d 'C:Program FilesNVIDIA CorporationNvContainerpluginsLocalSystem' -r -p 30000
S3 NvContainerNetworkService; 'C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe' -s NvContainerNetworkService -f 'C:ProgramDataNVIDIANvContainerNetworkService.log' -l 3 -d 'C:Program FilesNVIDIA CorporationNvContainerpluginsNetworkService' -r -p 30000
R2 NVDisplay.ContainerLocalSystem; 'C:Program FilesNVIDIA CorporationDisplay.NvContainerNVDisplay.Container.exe' -s NVDisplay.ContainerLocalSystem -f 'C:ProgramDataNVIDIANVDisplay.ContainerLocalSystem.log' -l 3 -d 'C:Program FilesNVIDIA CorporationDisplay.NvContainerpluginsLocalSystem' -r -p 30000
R2 NvTelemetryContainer; 'C:Program Files (x86)NVIDIA CorporationNvTelemetryNvTelemetryContainer.exe' -s NvTelemetryContainer -f 'C:ProgramDataNVIDIANvTelemetryContainer.log' -l 3 -d 'C:Program Files (x86)NVIDIA CorporationNvTelemetryplugin'
R3 DDDriver; C:Windowssystem32driversDDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
S3 DellProf; C:Windowssystem32driversDellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 e2xw10x64; C:WindowsSystem32driverse2xw10x64.sys [165608 2017-09-06] (Qualcomm Atheros, Inc.)
R3 HfAudio; C:Windowssystem32DRIVERSHfAudio.sys [65008 2018-03-13] (Screenovate Technologies Ltd.)
S3 iaLPSS2_GPIO2; C:WindowsSystem32driversiaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:WindowsSystem32driversiaStorAfs.sys [70664 2017-07-26] (Intel Corporation)
S3 IntelReadyModeDriver; C:WindowsSystem32driversIntelReadyModeDriver.sys [34712 2017-08-08] (Intel Corporation)
R2 iocbios2; C:Program Files (x86)IntelIntel® Extreme Tuning UtilityDriversIocDriver64bitiocbios2.sys [37880 2017-05-10] (Intel Corporation)
R1 MpKslc2f90554; C:ProgramDataMicrosoftWindows DefenderDefinition UpdatesDefaultMpKslc2f90554.sys [44928 2018-11-18] (Microsoft Corporation)
R3 nvlddmkm; C:WindowsSystem32DriverStoreFileRepositorynvdd.inf_amd64_1beb6cbf8800706cnvlddmkm.sys [16923248 2017-10-19] (NVIDIA Corporation)
S3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:Windowssystem32driversnvvad64v.sys [48064 2017-09-19] (NVIDIA Corporation)
R3 nvvhci; C:WindowsSystem32driversnvvhci.sys [57792 2017-09-19] (NVIDIA Corporation)
R2 RfeCoSvc; C:Windowssystem32DRIVERSRfeCo10X64.sys [129776 2017-09-21] (Rivet Networks, LLC.)
R3 ScrHIDDriver; C:Windowssystem32DRIVERSScrHIDDriver.sys [58864 2018-03-13] (Screenovate Technologies Ltd.)
S3 smbdirect; C:WindowsSystem32DRIVERSsmbdirect.sys [151552 2018-03-13] (Microsoft Corporation)
S0 WdBoot; C:WindowsSystem32driversWdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:WindowsSystem32driversWdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 XtuAcpiDriver; C:WindowsSystem32driversXtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
One Month Created files and folders
2018-11-18 19:48 - 2018-11-18 19:48 - 000000020 ___SH C:Usersdefaultuser0ntuser.ini
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 _SHDL C:Documents and Settings
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 __SHD C:Usersdefaultuser0IntelGraphicsProfiles
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 ____D C:WindowsCSC
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 ____D C:Usersdefaultuser0AppDataLocalVirtualStore
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 ____D C:Usersdefaultuser0AppDataLocalConnectedDevicesPlatform
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 ____D C:Usersdefaultuser0
2018-11-18 19:48 - 2018-11-18 19:48 - 000000000 ____D C:ProgramDataUSOShared
2018-11-18 19:48 - 2018-11-18 17:50 - 000000000 ____D C:Usersdefaultuser0AppDataLocalPackages
2018-11-18 18:08 - 2018-11-18 18:08 - 137810048 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe
2018-11-18 18:08 - 2018-11-18 18:08 - 000000000 ____D C:Windowssystem32MRT
2018-11-18 18:08 - 2018-11-18 18:08 - 000000000 ____D C:UsersKhaineAppDataLocalPlaceholderTileLogoFolder
2018-11-18 18:08 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:Windowssystem32osrss.dll
2018-11-18 18:06 - 2018-11-18 18:06 - 000000000 ____D C:AdwCleaner
2018-11-18 18:02 - 2018-11-18 18:02 - 000000000 ___HD C:$WINDOWS.~BT
2018-11-18 17:59 - 2018-11-18 17:59 - 000000000 ____D C:UsersKhaineAppDataLocalDell
2018-11-18 17:56 - 2018-05-04 04:37 - 000278448 _____ (Microsoft Corporation) C:Windowssystem32Notifier.exe
2018-11-18 17:55 - 2018-11-18 18:08 - 000016585 _____ C:UsersKhaineDesktopFRST.txt
2018-11-18 17:55 - 2018-11-18 18:08 - 000000000 ____D C:FRST
2018-11-18 17:55 - 2018-11-18 17:55 - 000000000 ____D C:UsersKhaineDocumentsAlienFX
2018-11-18 17:55 - 2018-11-18 17:55 - 000000000 ____D C:UsersKhaineAppDataRoamingPCDr
2018-11-18 17:55 - 2018-11-18 17:55 - 000000000 ____D C:UsersKhaineAppDataLocalComms
2018-11-18 17:55 - 2018-11-18 17:55 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDell
2018-11-18 17:54 - 2018-11-18 17:54 - 002416128 _____ (Farbar) C:UsersKhaineDesktopFRST64.exe
2018-11-18 17:54 - 2018-11-18 17:54 - 000000000 ____D C:UsersKhaineAppDataLocalCEF
2018-11-18 17:54 - 2018-11-18 17:54 - 000000000 ____D C:ProgramDataDell Inc
2018-11-18 17:53 - 2018-11-18 17:53 - 000003378 _____ C:WindowsSystem32TasksOneDrive Standalone Update Task-S-1-5-21-622146817-2833490119-1229763320-1001
2018-11-18 17:53 - 2018-11-18 17:53 - 000000000 ____D C:UsersKhaineAppDataRoamingIntel Corporation
2018-11-18 17:52 - 2018-11-18 17:54 - 000000000 ____D C:UsersKhaineAppDataLocalNVIDIA Corporation
2018-11-18 17:52 - 2018-11-18 17:53 - 000002368 _____ C:UsersKhaineAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2018-11-18 17:52 - 2018-11-18 17:53 - 000000000 ___RD C:UsersKhaineOneDrive
2018-11-18 17:52 - 2018-11-18 17:52 - 000000000 ____D C:UsersKhaineAppDataLocalAlienware
2018-11-18 17:52 - 2018-11-18 17:52 - 000000000 ____D C:ProgramDataMicrosoft OneDrive
2018-11-18 17:51 - 2018-11-18 17:51 - 000000000 ___HD C:UsersKhaineMicrosoftEdgeBackups
2018-11-18 17:51 - 2018-11-18 17:51 - 000000000 ____D C:UsersKhaineAppDataLocalPublishers
2018-11-18 17:51 - 2018-11-18 17:51 - 000000000 ____D C:UsersKhaineAppDataLocalMicrosoftEdge
2018-11-18 17:50 - 2018-11-18 18:08 - 000000000 ____D C:UsersKhaineAppDataLocalPackages
2018-11-18 17:50 - 2018-11-18 17:52 - 000000000 ____D C:UsersKhaineAppDataLocalVirtualStore
2018-11-18 17:50 - 2018-11-18 17:52 - 000000000 ____D C:UsersKhaine
2018-11-18 17:50 - 2018-11-18 17:50 - 000000020 ___SH C:UsersKhainentuser.ini
2018-11-18 17:50 - 2018-11-18 17:50 - 000000000 __SHD C:UsersKhaineIntelGraphicsProfiles
2018-11-18 17:50 - 2018-11-18 17:50 - 000000000 ___RD C:UsersKhaine3D Objects
2018-11-18 17:50 - 2018-11-18 17:50 - 000000000 ____D C:UsersKhaineAppDataRoamingAdobe
2018-11-18 17:50 - 2018-11-18 17:50 - 000000000 ____D C:UsersKhaineAppDataLocalConnectedDevicesPlatform
2018-10-20 16:34 - 2018-10-20 16:34 - 000036400 _____ (Dell Inc.) C:Windowssystem32Driversdddriver64Dcsa.sys
2018-11-18 19:48 - 2018-03-13 20:09 - 000002034 _____ C:WindowsSystem32TasksRestoreDefaultOcSetting
2018-11-18 19:48 - 2018-03-13 20:06 - 000002256 _____ C:WindowsSystem32TasksAlways Ready Mode
2018-11-18 19:48 - 2018-03-13 20:06 - 000002198 _____ C:WindowsSystem32TasksAWCC Orchestrator
2018-11-18 19:48 - 2018-03-13 20:03 - 000003398 _____ C:WindowsSystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:03 - 000003180 _____ C:WindowsSystem32TasksIntel PTT EK Recertification
2018-11-18 19:48 - 2018-03-13 20:03 - 000003176 _____ C:WindowsSystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:03 - 000002968 _____ C:WindowsSystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:02 - 000002984 _____ C:WindowsSystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:02 - 000002956 _____ C:WindowsSystem32TasksNvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:02 - 000002838 _____ C:WindowsSystem32TasksNvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:02 - 000002786 _____ C:WindowsSystem32TasksNvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 20:02 - 000002744 _____ C:WindowsSystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-18 19:48 - 2018-03-13 19:57 - 000000006 ____H C:WindowsTasksSA.DAT
2018-11-18 19:48 - 2017-09-29 08:46 - 000000000 ____D C:ProgramDataUSOPrivate
2018-11-18 18:08 - 2017-09-29 08:46 - 000000000 ___HD C:Program FilesWindowsApps
2018-11-18 18:08 - 2017-09-29 08:46 - 000000000 ____D C:WindowsDeliveryOptimization
2018-11-18 18:08 - 2017-09-29 08:46 - 000000000 ____D C:WindowsAppReadiness
2018-11-18 18:08 - 2017-09-29 08:37 - 000000000 ____D C:WindowsCbsTemp
2018-11-18 18:02 - 2018-03-13 20:06 - 000000000 ____D C:WindowsPanther
2018-11-18 17:55 - 2018-03-13 20:24 - 000000000 ____D C:ProgramDataAlienware
2018-11-18 17:55 - 2018-03-13 19:59 - 000000000 ____D C:ProgramDataPCDr
2018-11-18 17:55 - 2018-03-13 19:59 - 000000000 ____D C:Program FilesAlienware
2018-11-18 17:55 - 2017-09-29 08:44 - 000000000 ____D C:WindowsINF
2018-11-18 17:54 - 2018-03-13 20:02 - 000000000 ____D C:ProgramDataNVIDIA
2018-11-18 17:53 - 2018-03-13 20:01 - 000958738 _____ C:Windowssystem32PerfStringBackup.INI
2018-11-18 17:52 - 2018-03-13 20:03 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNVIDIA Corporation
2018-11-18 17:52 - 2018-03-13 20:02 - 000000000 ____D C:ProgramDataNVIDIA Corporation
2018-11-18 17:50 - 2018-03-13 20:07 - 000000000 __RHD C:UsersPublicAccountPictures
2018-11-18 17:50 - 2017-09-29 08:46 - 000000000 ____D C:Windowssystem32WinBioDatabase
2018-11-18 17:49 - 2018-03-13 20:03 - 000000000 ____D C:ProgramDataIntel
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:WindowsSysWOW64dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed
Addition.txt
Ran by Khaine (18-11-2018 18:08:53)
Running from C:UsersKhaineDesktop
Windows 10 Pro Version 1709 16299.192 (X64) (2018-11-19 00:48:12)
Boot Mode: Normal
Accounts:
DefaultAccount (S-1-5-21-622146817-2833490119-1229763320-503 - Limited - Disabled)
Guest (S-1-5-21-622146817-2833490119-1229763320-501 - Limited - Disabled)
Khaine (S-1-5-21-622146817-2833490119-1229763320-1001 - Administrator - Enabled) => C:UsersKhaine
WDAGUtilityAccount (S-1-5-21-622146817-2833490119-1229763320-504 - Limited - Disabled)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Alienware Command Center (HKLM-x32...InstallShield_{00807626-BB07-43A8-A2AF-C986341DE990}) (Version: 4.8.20.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32...{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Alienware Mobile Connect Drivers (HKLM...{349C034E-668A-465D-A36A-6B1CF81EAE1F}) (Version: 1.1.3751 - Screenovate Technologies Ltd.)
Alienware Update (HKLM-x32...{7BA51226-669B-4ED4-84C3-27E59E264D1A}) (Version: 1.9.60.0 - Dell Inc.)
Ansel (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.95 - NVIDIA Corporation) Hidden
Dell SupportAssist (HKLM...{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell SupportAssist Remediation (HKLM...{9C32DD4A-3321-4BD5-BD11-C4B18ECE6AE7}) (Version: 3.2.0.4834 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32...{9ae76d49-72b5-402c-b900-0dc71ab8ebef}) (Version: 3.2.0.4834 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM...{AB1A407B-E492-4DA1-B024-F96606D1B0B7}) (Version: 3.2.0.4834 - Dell Inc.)
DSC/AA Factory Installer (HKLM...{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32...{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4758 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.8.0.1006 - Intel Corporation)
Intel® Ready Mode Technology (HKLM...{DBF0CA69-EADE-4CE0-8C09-D200FE80BCDC}) (Version: 1.1.70.534 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32...{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32...{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Killer Ethernet Performance Driver Suite (HKLM...{B3E0B196-E239-4165-89C3-F82446C76D56}) (Version: 1.4.1494 - Rivet Networks)
Microsoft OneDrive (HKUS-1-5-21-622146817-2833490119-1229763320-1001...OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32...{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA 3D Vision Driver 387.95 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 387.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 387.95 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OC Controls (HKLM...{F8CFE89E-9D49-4ACE-84FC-D13AF05377BE}) (Version: 1.0.5.0 - Dell Inc.) Hidden
OC Controls (HKLM-x32...InstallShield_{F8CFE89E-9D49-4ACE-84FC-D13AF05377BE}) (Version: 1.0.5.0 - Dell Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32...{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM...VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM...VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM...VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WindowsSystem32DriverStoreFileRepositoryki123931.inf_amd64_750ee5716ca7ceccigfxDTCM.dll [2017-08-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:Windowssystem32nvshext.dll [2017-10-09] (NVIDIA Corporation)
Task: {0DE82BD4-129F-4491-B0F4-8DF9FF214375} - System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {2C6D1F98-589E-45E0-93E4-A1C461D8992D} - System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {389F8489-2784-4A33-988F-6B38B59E8701} - System32TasksNvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {4A8E867A-D30B-4772-BF2D-A8F79DCD4DA5} - System32TasksAWCC Orchestrator => C:Program FilesAlienwareCommand CenterAWCCStartupOrchestrator.exe [2017-09-01] (Alienware)
Task: {4DB07727-6838-42FB-8064-8865212C6217} - System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {55E7E1AE-6EFC-4201-9052-BB48C261FAAC} - System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {5971039B-3B31-4DB0-BC75-B5CF880DBC18} - System32TasksNvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {7A380F6F-8E67-4ED1-94BA-5C840262F0BC} - System32TasksAlways Ready Mode => C:Program FilesAlienwareCommand CenterULPMEnter.exe [2017-09-01] ()
Task: {B09EF1A5-4FAF-4249-AC1B-06D524F885B8} - System32TasksRestoreDefaultOcSetting => C:Program FilesAlienwareOCControlsdelete_intelBinFile.bat [2017-09-01] ()
Task: {C0005D16-5851-4A27-947B-1564D04A966A} - System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {DCBCCA7F-E35D-472C-8146-DF554D9C58BB} - System32TasksIntel PTT EK Recertification => C:Program FilesIntelIntel® Management Engine ComponentsiCLSIntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {F107EE30-F7B1-4279-8518-6AA30D9C1EF6} - System32TasksDell SupportAssistAgent AutoUpdate => C:Program FilesDellSupportAssistAgentbinSupportAssist.exe [2018-10-25] (Dell Inc.)
Shortcuts & WMI
Loaded Modules (Whitelisted)
2017-09-04 04:09 - 2017-09-04 04:09 - 000017432 _____ () C:Program FilesAlienwareOCControlsOCControlsWindowsService.exe
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:WindowsSYSTEM32inputhost.dll
2018-03-13 20:02 - 2017-10-09 18:04 - 000133568 _____ () C:Program FilesNVIDIA CorporationDisplayNvSmartMax64.dll
2018-03-13 20:52 - 2018-03-13 20:52 - 011044864 _____ () C:WindowsSystemAppsMicrosoft.Windows.Cortana_cw5n1h2txyewyCortanaApi.dll
2018-03-13 20:52 - 2018-03-13 20:52 - 001804288 _____ () C:WindowsSystemAppsMicrosoft.Windows.Cortana_cw5n1h2txyewyCortana.Core.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000030208 _____ () C:Windowssystem32Windows.WARP.JITService.exe
2018-11-18 17:55 - 2018-11-18 17:55 - 002587976 _____ () C:Program FilesDellSupportAssistAgentPCDrSupportAssist6.0.6992.1382libprotobuf.dll
2017-09-29 09:43 - 2017-09-29 09:43 - 000203264 _____ () C:Program FilesWindowsAppsMicrosoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5cSkypeBackgroundTasks.dll
2017-09-29 09:44 - 2017-09-29 09:44 - 000819200 _____ () C:Program FilesWindowsAppsMicrosoft.WindowsAlarms_10.1706.2401.0_x64__8wekyb3d8bbweTimeBackground.dll
2017-09-29 09:45 - 2017-09-29 09:45 - 000886784 _____ () C:Program FilesWindowsAppsMicrosoft.XboxGameOverlay_1.20.25002.0_x64__8wekyb3d8bbweGameBarTasks.dll
2017-09-29 09:44 - 2017-09-29 09:44 - 033808384 _____ () C:Program FilesWindowsAppsMicrosoft.XboxApp_31.32.16002.0_x64__8wekyb3d8bbweXboxApp.dll
2017-09-29 09:45 - 2017-09-29 09:45 - 016770048 _____ () C:Program FilesWindowsAppsMicrosoft.WindowsMaps_5.1706.2261.0_x64__8wekyb3d8bbweMaps.dll
2017-09-29 09:45 - 2017-09-29 09:45 - 000357376 _____ () C:Program FilesWindowsAppsMicrosoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbweMicrosoft.Wallet.dll
2017-09-22 17:28 - 2017-09-22 17:28 - 000140664 _____ () c:Program Files (x86)Dell Digital DeliveryServiceTagPlusPlus.dll
2017-11-09 02:44 - 2017-11-09 02:44 - 001244304 _____ () C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSACE.dll
Safe Mode (Whitelisted)
Association (Whitelisted)
Internet Explorer trusted/restricted
Hosts content:
Other Areas
DNS Servers: 10.0.0.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
FirewallRules (Whitelisted)
FirewallRules: [{371D389E-EEA3-4873-A014-4CD92712941A}] => (Allow) C:Program FilesWindowsAppsScreenovateTechnologies.AlienwareMobileConnect_1.1.3751.0_x64__0vhbc3ng4wbp0appAlienwareMobileConnectClient.exe
Description: Qualcomm QCA9377 802.11ac Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Communications Inc.
Service: Qcamain10x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click 'Action', and then click 'Enable Device'. This starts the Enable Device wizard. Follow the instructions.
Event log errors:
Error: (11/18/2018 05:51:06 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: ShellExperienceHost (6348,P,0) TILEREPOSITORYS-1-5-21-622146817-2833490119-1229763320-1001: An attempt to open the device with name '.C:' containing 'C:' failed with system error 5 (0x00000005): 'Access is denied. '. The operation will fail with error -1032 (0xfffffbf8).
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
System errors:
Error: (11/18/2018 06:07:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Memory info
Percentage of memory in use: 17%
Total physical RAM: 32575.15 MB
Available physical RAM: 26823.82 MB
Total Virtual: 37695.15 MB
Available Virtual: 31292.61 MB
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:931.18 GB) NTFS
?Volume{68191aad-ac91-4fa7-9c71-03c5d3ace8cf} (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
?Volume{f5e97359-68d7-404f-8f4d-be363b08f33e} (Image) (Fixed) (Total:13.19 GB) (Free:0.2 GB) NTFS
?Volume{ec968eb2-8a37-4960-bec8-d90522712c55} (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:0.48 GB) NTFS
Disk: 0 (Size: 931.5 GB) (Disk ID: 0782B79E)
Disk: 1 (Size: 953.9 GB) (Disk ID: 0782B7D1)
Where does Internet Explorer store saved passwords?
And since this is a programming site, i'm not literally asking for the location where IE stores passwords, but which API ie uses to save passwords.
At first i assumed that Microsoft was using the standard api:
which is used to save domain and generic program/web-site credentials. CredRead/CredWrite then turn around and use:
to encrypt data with the current user's account. CredRead/CredWrite then store the data in some magical location, contents of which you can see from the Control Panel:
But i don't see IE passwords in there. So ie doesn't store passwords using CredRead/CredWrite.
What api does IE use to store passwords, and if it uses CryptProtectData, where does it then store the protected data?
Edit: The reason i ask needs no explanation (since it's pretty obvious), but it's because i might want to use the same mechanism.
3 Answers
i found the answer. IE stores passwords in two different locations based on the password type:
- Http-Auth: %APPDATA%\Microsoft\Credentials, in encrypted files
- Form-based: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2, encrypted with the url
From a very good page on NirSoft.com:
Starting from version 7.0 of Internet Explorer, Microsoft completely changed the way that passwords are saved. In previous versions (4.0 - 6.0), all passwords were saved in a special location in the Registry known as the 'Protected Storage'. In version 7.0 of Internet Explorer, passwords are saved in different locations, depending on the type of password. Each type of passwords has some limitations in password recovery:
AutoComplete Passwords: These passwords are saved in the following location in the Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2. The passwords are encrypted with the URL of the Web sites that asked for the passwords, and thus they can only be recovered if the URLs are stored in the history file. If you clear the history file, IE PassView won't be able to recover the passwords until you visit again the Web sites that asked for the passwords. Alternatively, you can add a list of URLs of Web sites that requires user name/password into the Web sites file (see below).
HTTP Authentication Passwords: These passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials, together with login passwords of LAN computers and other passwords. Due to security limitations, IE PassView can recover these passwords only if you have administrator rights.
In my particular case it answers the question of where; and i decided i don't want to duplicate that. i'll continue to use CredRead/CredWrite, where the user can manage their passwords from within an established UI system in Windows.
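The CredRead/CredWrite route the answer above settles on, as an added example that is not part of the original answer: two small C wrappers (hypothetical names cred_store and cred_load, return codes chosen here) that save an application secret as a generic credential and read it back. The Win32 calls are compiled only on Windows; on other platforms the wrappers report that the API is unavailable.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincred.h>                     /* link with Advapi32.lib */
#endif

/* Wrapper names and return codes are hypothetical, chosen for this example. */
enum { CS_BAD_ARG = -1, CS_API_FAIL = -2, CS_UNSUPPORTED = -3 };

/* Save len secret bytes under target for the current user; 0 on success. */
int cred_store(const wchar_t *target, const wchar_t *user,
               const void *secret, size_t len)
{
    if (!target || !user || !secret || len == 0) return CS_BAD_ARG;
#ifdef _WIN32
    if (len > CRED_MAX_CREDENTIAL_BLOB_SIZE) return CS_BAD_ARG;
    CREDENTIALW c = {0};
    c.Type = CRED_TYPE_GENERIC;              /* generic (application) credential */
    c.TargetName = (LPWSTR)target;
    c.UserName = (LPWSTR)user;
    c.CredentialBlob = (LPBYTE)secret;
    c.CredentialBlobSize = (DWORD)len;
    c.Persist = CRED_PERSIST_LOCAL_MACHINE;  /* kept across logons, not roamed */
    return CredWriteW(&c, 0) ? 0 : CS_API_FAIL;
#else
    return CS_UNSUPPORTED;                   /* the Cred* API is Windows-only */
#endif
}

/* Copy the stored secret into out; returns its length or a CS_* code. */
int cred_load(const wchar_t *target, void *out, size_t cap)
{
    if (!target || !out || cap == 0) return CS_BAD_ARG;
#ifdef _WIN32
    PCREDENTIALW pc = NULL;
    if (!CredReadW(target, CRED_TYPE_GENERIC, 0, &pc)) return CS_API_FAIL;
    int n = CS_BAD_ARG;                      /* stays if out is too small */
    if (pc->CredentialBlobSize <= cap) {
        n = (int)pc->CredentialBlobSize;
        memcpy(out, pc->CredentialBlob, pc->CredentialBlobSize);
    }
    SecureZeroMemory(pc->CredentialBlob, pc->CredentialBlobSize);
    CredFree(pc);                            /* buffer is owned by the API */
    return n;
#else
    return CS_UNSUPPORTED;
#endif
}
```

A caller would pass a constructed target such as L"ExampleApp/demo" to both functions and wipe its own copy of the secret after use.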
Short answer: in the Vault. Since Windows 7, a Vault was created for storing any sensitive data, among it the credentials of Internet Explorer. The Vault is in fact a LocalSystem service - vaultsvc.dll.
Long answer: Internet Explorer allows two methods of credentials storage: web sites credentials (for example: your Facebook user and password) and autocomplete data. Since version 10, instead of using the Registry a new term was introduced: Windows Vault. Windows Vault is the default storage vault for the credential manager information.
You need to check which OS is running. If it's Windows 8 or greater, you call VaultGetItemW8. If it isn't, you call VaultGetItemW7.
To use the 'Vault', you load a DLL named 'vaultcli.dll' and access its functions as needed.
A typical C++ code will be:
Then you enumerate all stored credentials by calling
Then you go over the results.
No guarantee, but I suspect IE uses the older Protected Storage API.
Ian Boyd