Need Help- Requested Resource in Use....

[Arti]

Two weeks ago i tried opening Razer Synapse 2.0 and it kept saying requested resource in use and every time i tried opening task manager it would open for a split second and shut off. I went to bleeping computer.com and tried their steps but Malwarebytes anti root kit beta would get to around 18000 threats found and wouldn't respond for two days straight. If any of you experts could help me it would be greatly appreciated.

Addition2.txt

FRST.txt

[Aura]

Hi Arti

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
• As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
  This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
  

This being said, it's time to clean-up some malware, so let's get started, shall we?

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after. 

[Arti]

Thank you very much Aura. This problem is a plague if you could help me it would be much appreciated.

[Aura]

No problem Start by following the instructions in the thread I linked above.

[Arti]

Yes Aura I have done this before  it always ends about 1800 threats found and stops responding for id say now 72 hours.

[Arti]

As a matter of fact i still have it up right now.... I followed the guide from bleepingcomputer never got past this step tried using Rkill and it said no threats found.

[Aura]

When you run MBAR, uncheck Sectors and System, leaving only Drivers checked. This way it shouldn't freeze when scanning.

[Arti]

Ok it said scan finished two malware items detected. Thanks so much

[Aura]

Good  Let MBAR restart your computer, and now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

• Download and install the free version of Malwarebytes
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
• Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
• Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
• Let the scan run, the time required to complete the scan depends of your system and computer specs
• Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
  
  • If it asks you to restart your computer to complete the removal, do so
    
• Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply
  

[Arti]

Hey Aura I ran into an issue my computer during the restart shut down and it won't turn back on

[Arti]

I unplugged my charger and it turned on....

[Aura]

So it's working now? Can you provide me the Malwarebytes log?

[Arti]

Yes how do i do that.

ANd everything seems to be working perfectly

 

[Aura]

Open Malwarebytes and go to the Reports tab. From there, select the most recent Scan entry and double-click on it. In the window that will open, click on the Export button (bottom left corner) and select Copy to clipboard. From there, just do a Paste (Ctrl + V) here.

[Aura]

Hi Arti,

Are you still with me?

[Arti]

Yes sorry had issues with comp again

 

[Arti]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/15/17
Scan Time: 2:46 AM
Log File: 9a1cdc76-99e1-11e7-984f-54a0508e1791.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.0
License: Trial

-System Information-
OS: Windows 10 (Build 15063.483)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422289
Threats Detected: 43
Threats Quarantined: 43
Time Elapsed: 13 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 27
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\USERS\ARTY\APPDATA\LOCAL\LLSSOFT\WINVMX, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx, Quarantined, [21], [383807],1.0.0
Trojan.Clicker, C:\USERS\ARTY\APPDATA\LOCAL\NTUSERLITELIST, Quarantined, [21], [383807],1.0.0

File: 16
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data\Shockwave Flash\3F1B.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\4645.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\532.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\E066.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data\Shockwave Flash\8E1B.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data\Shockwave Flash\4BBA.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\A0B5.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\AE21.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\F212.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash\326E.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash\5548.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data\Shockwave Flash\6367.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data\Shockwave Flash\9003.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll, Delete-on-Reboot, [21], [383807],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll, Delete-on-Reboot, [21], [383807],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll, Delete-on-Reboot, [21], [383807],1.0.0

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

Good Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the EULA (I accept), then click on Scan
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
  

RogueKiller

• Download the right version of RogueKiller for your Windows version (32 or 64-bit)
• Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
• Wait for the scan to complete
• On completion, the results will be displayed
• Check every single entry (threat found), and click on the Remove Selected button
• On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
• This will open the report in Notepad. Copy/paste its content in your next reply
  

Your next reply(ies) should therefore contain:

• Copy/pasted AdwCleaner clean log
• Copy/pasted RogueKiller clean log
  

[Arti]

RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Arty [Administrator]
Started from : C:\Users\Arty\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/17/2017 17:50:30 (Duration : 00:42:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (\SystemRoot\system32\DRIVERS\SWDUMon.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.240.205.161 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e6f8a94c-64ff-431b-8928-72f0581d62f9} | DhcpNameServer : 10.240.205.161 ([])  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[VT.Unknown] %WINDIR%\Tasks\{0149B776-EDE9-4CF9-957A-F1AB260F5858}.job -- C:\Users\Arty\AppData\Local\573A3E~1\SYNHEL~1.EXE (/Check) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 069a1c300f772ee5f2ad85d6a545939d
[BSP] 28f050288cf2350bd0cfd8c98fe5d894 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 381546 MB
4 - Basic data partition | Offset (sectors): 783718400 | Size: 555824 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1922045952 | Size: 15370 MB
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/15/17
Scan Time: 2:46 AM
Log File: 9a1cdc76-99e1-11e7-984f-54a0508e1791.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.0
License: Trial

-System Information-
OS: Windows 10 (Build 15063.483)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422289
Threats Detected: 43
Threats Quarantined: 43
Time Elapsed: 13 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 27
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data\Shockwave Flash, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\USERS\ARTY\APPDATA\LOCAL\LLSSOFT\WINVMX, Quarantined, [2604], [364568],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx, Quarantined, [21], [383807],1.0.0
Trojan.Clicker, C:\USERS\ARTY\APPDATA\LOCAL\NTUSERLITELIST, Quarantined, [21], [383807],1.0.0

File: 16
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data627\Pepper Data\Shockwave Flash\3F1B.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\4645.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\532.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data639\Pepper Data\Shockwave Flash\E066.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data654\Pepper Data\Shockwave Flash\8E1B.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data665\Pepper Data\Shockwave Flash\4BBA.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\A0B5.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\AE21.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data667\Pepper Data\Shockwave Flash\F212.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash\326E.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data671\Pepper Data\Shockwave Flash\5548.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data681\Pepper Data\Shockwave Flash\6367.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker.D, C:\Users\Arty\AppData\Local\llssoft\winvmx\data685\Pepper Data\Shockwave Flash\9003.tmp, Delete-on-Reboot, [2604], [364568],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll, Delete-on-Reboot, [21], [383807],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll, Delete-on-Reboot, [21], [383807],1.0.0
Trojan.Clicker, C:\Users\Arty\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll, Delete-on-Reboot, [21], [383807],1.0.0

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

Did you quarantine the threats RogueKiller detected? Also you provided me the same Malwarebytes log, and not the AdwCleaner clean log.

[Arti]

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 21:03:16 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-15-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.TweakBit, C:\ProgramData\BSD\DriverHive
PUP.Optional.TweakBit, C:\ProgramData\Application Data\BSD\DriverHive
PUP.Optional.TweakBit, C:\Users\All Users\BSD\DriverHive
PUP.Optional.Legacy, C:\Users\Arty\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Users\All Users\Documents\Downloaded Installers
PUP.Optional.Legacy, C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\yset
PUP.Optional.Legacy, C:\ProgramData\DriverUpdatePlus
PUP.Optional.Legacy, C:\ProgramData\Application Data\DriverUpdatePlus
PUP.Optional.Legacy, C:\Users\All Users\DriverUpdatePlus
PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\ProgramData\Application Data\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\All Users\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\Arty\AppData\Local\AdvinstAnalytics
PUP.Optional.S5Mark, C:\Users\Arty\AppData\Local\llssoft
PUP.Optional.Mail.Ru, C:\ProgramData\Mail.Ru
PUP.Optional.Mail.Ru, C:\ProgramData\Application Data\Mail.Ru
PUP.Optional.Mail.Ru, C:\Users\All Users\Mail.Ru
PUP.Optional.Mail.Ru, C:\Users\Arty\AppData\Local\Mail.Ru
PUP.Optional.ProPCCleaner, C:\Users\Arty\AppData\Roaming\PPC-software
PUP.Optional.ProCleaningSoftware, C:\Users\Arty\AppData\Roaming\PPC-software
PUP.Optional.SlimCleanerPlus, C:\Users\Arty\AppData\Local\slimware utilities inc
PUP.Optional.SlimCleanerPlus, C:\Users\Arty\AppData\Local\SlimWare Utilities Inc

***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\SysNative\drivers\swdumon.sys
PUP.Optional.Legacy, C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.ByteFence, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ByteFence.exe
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.Auslogics, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\BSD
PUP.Optional.Auslogics, [Key] - HKCU\Software\BSD
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Xpom
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\Xpom
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.PCBooster, [Key] - HKLM\SOFTWARE\Classes\CLSID\{92BC9DAD-8BC5-4B9A-BC65-2A2FF3302B8C}
PUP.Optional.BoostMyPC, [Key] - HKLM\SOFTWARE\Speedbit Technology
PUP.Optional.BoostMyPC, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Speedbit Technology
PUP.Optional.BoostMyPC, [Key] - HKCU\Software\Speedbit Technology
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

[Aura]

Good Now let's run a scan with FRST and see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
• Click on the Scan button
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply
  

[Arti]

Hey Aura could i get the link  for FRST please

[Aura]

I see that we've never used it so far, my bad, here.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

[Arti]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by Arty (administrator) on INDIGO (21-09-2017 21:54:12)
Running from C:\Users\Arty\Downloads
Loaded Profiles: Arty (Available Profiles: Arty)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(© 2015 Microsoft Corporation) C:\Users\Arty\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Twitch Interactive, Inc.) C:\Users\Arty\AppData\Roaming\Twitch\Bin\Twitch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Twitch Interactive, Inc.) C:\Users\Arty\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Arty\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Arty\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Arty\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Arty\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Arty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Razer, Inc.) C:\Users\Arty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Farbar) C:\Users\Arty\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16291448 2016-09-26] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe [63272 2015-10-12] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-21] (Razer Inc.)
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\...\Run: [BingSvc] => C:\Users\Arty\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\...\Run: [Chromium] => c:\users\arty\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-16] ()
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\...\Run: [Discord] => C:\Users\Arty\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-11-29] ()
Startup: C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-08-31]
ShortcutTarget: Twitch.lnk -> C:\Users\Arty\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
Tcpip\..\Interfaces\{004a68b2-407c-40de-baea-da57d9674153}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e6f8a94c-64ff-431b-8928-72f0581d62f9}: [DhcpNameServer] 10.240.205.161

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4254962026-1802304568-1504276143-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-07] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-07] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-07] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-07] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4254962026-1802304568-1504276143-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-17]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-17]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-17]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-08-31]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-17]
CHR Extension: (Honey) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-20]
CHR Extension: (Adblock Plus) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Adblock for Youtube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-16]
CHR Extension: (Google Sheets) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-18]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4254962026-1802304568-1504276143-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-11] (BitRaider, LLC)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-26] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-09-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404368 2017-08-21] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-13] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-11] (BitRaider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 gKbdfltr; C:\WINDOWS\System32\drivers\gKbdfltr.sys [26472 2016-11-26] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2625280 2015-12-03] (Realtek Semiconductor Corp.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79528 2014-10-15] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-26] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R1 MpKsl022299fd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CE5B31B-7F4D-4DCF-8086-B0400BF9DCA9}\MpKsl022299fd.sys [44928 2017-09-20] (Microsoft Corporation)
R1 MpKsl1fd19ac3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AED1FEF9-281C-4A58-AD22-02A47A21E194}\MpKsl1fd19ac3.sys [44928 2017-09-18] (Microsoft Corporation)
R1 MpKslfbbd6efc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF2BF1DF-EF3F-43AD-A29C-6B6F46CF4252}\MpKslfbbd6efc.sys [44928 2017-09-21] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2016-11-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_d5fc647520664d82\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-08] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9129176 2014-08-26] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S1 gkvjxdij; \??\C:\WINDOWS\system32\drivers\gkvjxdij.sys [X]
S1 goxiyysi; \??\C:\WINDOWS\system32\drivers\goxiyysi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 21:41 - 2017-09-21 21:41 - 002399744 _____ (Farbar) C:\Users\Arty\Downloads\FRST64 (1).exe
2017-09-19 22:25 - 2017-09-19 22:25 - 001113340 _____ C:\Users\Arty\Sim.html
2017-09-19 19:23 - 2017-09-21 21:39 - 000000000 ____D C:\Users\Arty\AppData\Roaming\SimulationCraft
2017-09-19 19:23 - 2017-09-19 19:23 - 000000883 _____ C:\Users\Public\Desktop\Simulationcraft(x64).lnk
2017-09-19 19:23 - 2017-09-19 19:23 - 000000000 ____D C:\Users\Arty\AppData\Local\SimulationCraft
2017-09-19 19:23 - 2017-09-19 19:23 - 000000000 ____D C:\Simulationcraft(x64)
2017-09-19 19:23 - 2017-09-19 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simulationcraft(x64)
2017-09-19 19:22 - 2017-09-19 19:23 - 046619325 _____ (Simulationcraft ) C:\Users\Arty\Downloads\SimcSetup-730-02-Win64.exe
2017-09-19 19:20 - 2017-09-19 19:20 - 038238655 _____ C:\Users\Arty\Downloads\simc-730-03-win32-fb1caa1f2.7z
2017-09-18 22:43 - 2017-09-18 22:43 - 026191744 _____ (Razer USA Ltd) C:\Users\Arty\Downloads\Razer_Synapse_Installer_v2.21.00.712 (2).exe
2017-09-18 22:40 - 2017-09-18 22:40 - 026191744 _____ (Razer USA Ltd) C:\Users\Arty\Downloads\Razer_Synapse_Installer_v2.21.00.712 (1).exe
2017-09-18 16:32 - 2017-09-18 16:32 - 026191744 _____ (Razer USA Ltd) C:\Users\Arty\Downloads\Razer_Synapse_Installer_v2.21.00.712.exe
2017-09-18 07:30 - 2017-09-18 07:30 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-17 17:50 - 2017-09-18 07:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-17 17:49 - 2017-09-17 19:14 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-17 17:47 - 2017-09-17 17:49 - 026685000 _____ C:\Users\Arty\Downloads\RogueKiller_portable64.exe
2017-09-17 17:01 - 2017-09-18 07:25 - 000000000 ____D C:\AdwCleaner
2017-09-17 17:01 - 2017-09-17 17:01 - 008182736 _____ (Malwarebytes) C:\Users\Arty\Downloads\AdwCleaner (1).exe
2017-09-13 19:18 - 2017-09-13 19:18 - 000002234 _____ C:\Users\Arty\Desktop\Discord.lnk
2017-09-13 19:18 - 2017-09-13 19:18 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-09-13 19:18 - 2017-09-13 19:18 - 000000000 ____D C:\Users\Arty\AppData\Local\Discord
2017-09-13 19:17 - 2017-09-13 19:17 - 054332920 _____ (Discord Inc.) C:\Users\Arty\Downloads\DiscordSetup.exe
2017-09-12 17:23 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 17:23 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 17:23 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 17:23 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 17:23 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 17:23 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 17:23 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 17:23 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 17:23 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 17:23 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 17:23 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 17:23 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 17:23 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 17:23 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 17:23 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 17:23 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 17:23 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 17:23 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 17:23 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 17:23 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 17:23 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 17:23 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 17:23 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 17:23 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 17:23 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 17:23 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 17:23 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 17:23 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 17:23 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 17:23 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 17:23 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 17:23 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 17:23 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 17:23 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 17:23 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 17:23 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 17:23 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 17:23 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 17:23 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 17:23 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 17:23 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 17:23 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 17:23 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 17:23 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 17:23 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 17:23 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 17:23 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 17:23 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 17:23 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 17:23 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 17:23 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 17:23 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 17:23 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 17:23 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 17:23 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-12 17:23 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 17:23 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 17:23 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 17:23 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 17:23 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 17:23 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 17:23 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 17:23 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 17:23 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 17:23 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 17:23 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 17:23 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 17:23 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 17:23 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 17:23 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 17:23 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 17:23 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 17:23 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 17:23 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 17:23 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 17:23 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 17:23 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 17:23 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 17:23 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 17:23 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 17:23 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 17:23 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 17:23 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 17:23 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 17:23 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 17:23 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 17:23 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 17:23 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 17:23 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 17:23 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 17:23 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 17:23 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 17:23 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 17:23 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 17:23 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 17:23 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 17:23 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 17:23 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 17:23 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 17:23 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 17:22 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 17:22 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 17:22 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 17:22 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 17:22 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 17:22 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 17:22 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 17:22 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 17:22 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 17:22 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 17:22 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 17:22 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 17:22 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 17:22 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 17:22 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 17:22 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 17:22 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 17:22 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 17:22 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 17:22 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 17:22 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 17:22 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 17:22 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 17:22 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 17:22 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 17:22 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 17:22 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 17:22 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 17:22 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 17:22 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 17:22 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 17:22 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 17:22 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 17:22 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 17:22 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 17:22 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 17:22 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 17:22 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 17:22 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 17:22 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 17:22 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 17:22 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 17:22 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 17:22 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 17:22 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 17:22 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 17:22 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 17:22 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 17:22 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 17:22 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 17:22 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 17:22 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 17:22 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 17:22 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 17:22 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 17:22 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 17:22 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 17:22 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 17:22 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 17:22 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 17:22 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 17:22 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 17:22 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 17:22 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 17:22 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 17:22 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 17:22 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 17:22 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 17:22 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 17:22 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 17:22 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 17:22 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 17:22 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 17:22 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 17:22 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 17:22 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 17:22 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 17:22 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 17:22 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 17:22 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 17:22 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 17:22 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 17:22 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 17:22 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 17:22 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 17:22 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 17:22 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 17:22 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 17:22 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 17:22 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 17:22 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 17:22 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 17:22 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 17:22 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 17:22 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 17:22 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 17:22 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 17:22 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 17:22 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 17:22 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 17:22 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 17:22 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 17:22 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 17:22 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-11 23:13 - 2017-09-11 23:13 - 000364910 _____ C:\Users\Arty\Downloads\watch.html
2017-09-11 22:26 - 2017-07-19 12:16 - 000045752 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2017-09-11 22:23 - 2017-09-21 19:12 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-11 22:23 - 2017-09-21 11:02 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-11 22:23 - 2017-09-21 11:02 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-11 22:23 - 2017-09-21 11:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-11 22:23 - 2017-09-17 01:48 - 000002099 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-11 22:23 - 2017-09-11 22:23 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-11 22:23 - 2017-09-11 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-11 22:23 - 2017-09-11 22:23 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-11 22:23 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-11 22:17 - 2017-09-11 22:19 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\Unconfirmed 590252.crdownload
2017-09-11 22:17 - 2017-09-11 22:19 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-consumer-3.2.2.2018 (5).exe
2017-09-11 22:17 - 2017-09-11 22:19 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-consumer-3.2.2.2018 (4).exe
2017-09-11 22:17 - 2017-09-11 22:19 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-consumer-3.2.2.2018 (3).exe
2017-09-11 22:17 - 2017-09-11 22:19 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-consumer-3.2.2.2018 (2).exe
2017-09-11 22:17 - 2017-09-11 22:17 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-11 22:17 - 2017-09-11 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-11 22:17 - 2017-09-11 22:17 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-11 21:36 - 2017-09-11 21:36 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Arty\Downloads\mbar-1.09.4.1001 (2).exe
2017-09-11 21:29 - 2017-09-11 21:29 - 012641849 _____ (TradeSkillMaster ) C:\Users\Arty\Downloads\setup.exe
2017-09-11 21:29 - 2017-09-11 21:29 - 000001346 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2017-09-11 21:29 - 2017-09-11 21:29 - 000000000 ____D C:\Users\Arty\AppData\Roaming\TradeSkillMaster
2017-09-11 21:29 - 2017-09-11 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2017-09-11 21:29 - 2017-09-11 21:29 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2017-09-11 21:26 - 2017-09-11 21:27 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Arty\Downloads\mbar-1.09.4.1001 (1).exe
2017-09-10 15:52 - 2017-09-10 15:52 - 000003662 _____ C:\Users\Arty\Downloads\Unconfirmed 653509.crdownload
2017-09-10 13:20 - 2017-09-10 13:20 - 000057809 _____ C:\Users\Arty\Downloads\Addition2.txt
2017-09-10 13:18 - 2017-09-21 21:54 - 000027378 _____ C:\Users\Arty\Downloads\FRST.txt
2017-09-10 13:18 - 2017-09-10 13:19 - 000057806 _____ C:\Users\Arty\Downloads\Addition.txt
2017-09-10 13:17 - 2017-09-21 21:54 - 000000000 ____D C:\FRST
2017-09-10 13:16 - 2017-09-10 13:16 - 002396160 _____ (Farbar) C:\Users\Arty\Downloads\FRST64.exe
2017-09-10 13:16 - 2017-09-10 13:16 - 001793024 _____ (Farbar) C:\Users\Arty\Downloads\FRST.exe
2017-09-10 13:15 - 2017-09-10 13:15 - 066347240 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-10 13:06 - 2017-09-10 13:06 - 000000198 _____ C:\Users\Arty\Documents\let.bat
2017-09-10 13:06 - 2017-09-10 13:06 - 000000198 _____ C:\Users\Arty\Desktop\let.bat
2017-09-10 13:04 - 2017-09-10 13:07 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Arty\Downloads\mbar-1.09.4.1001.exe
2017-09-10 12:10 - 2017-09-10 12:10 - 008182736 _____ (Malwarebytes) C:\Users\Arty\Downloads\AdwCleaner.exe
2017-09-10 12:08 - 2017-09-10 12:09 - 022851472 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-09-10 11:55 - 2017-09-10 11:55 - 005766464 _____ (Zemana Ltd. ) C:\Users\Arty\Downloads\censored.exe
2017-09-07 11:48 - 2002-04-22 00:41 - 000000007 _____ C:\FAC.TXT
2017-09-07 11:47 - 2017-09-07 11:48 - 000000000 ____D C:\preload64
2017-09-07 06:01 - 2017-09-18 22:52 - 101187584 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-09-06 16:14 - 2017-09-06 16:15 - 054332920 _____ (Discord Inc.) C:\Users\Arty\Downloads\DiscordSetup (3).exe
2017-09-04 21:57 - 2017-09-04 21:57 - 000000000 ____D C:\Program Files (x86)\PKGInstaller
2017-09-04 21:55 - 2017-09-04 21:55 - 026191744 _____ (Razer USA Ltd) C:\Users\Arty\Desktop\Razer_Synapse_Installer_v2.21.00.712.exe
2017-09-02 18:40 - 2017-09-02 18:40 - 000000000 ____D C:\ProgramData\Arty
2017-08-31 20:18 - 2017-09-12 16:35 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-31 20:18 - 2017-09-11 22:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-31 20:17 - 2017-09-11 21:41 - 000000000 ____D C:\Users\Arty\Desktop\mbar
2017-08-31 20:17 - 2015-10-16 20:17 - 000270136 _____ (Malwarebytes) C:\Users\Arty\Desktop\mbar.exe
2017-08-31 18:41 - 2017-08-31 18:41 - 000000318 _____ C:\Users\Arty\Desktop\Curse Client.appref-ms
2017-08-31 18:41 - 2017-08-31 18:41 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2017-08-31 13:39 - 2017-09-18 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-08-31 13:39 - 2017-08-31 13:39 - 000000000 ____D C:\temp
2017-08-31 01:49 - 2017-08-31 01:49 - 000001029 _____ C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-08-31 01:48 - 2017-09-21 21:09 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Twitch
2017-08-31 01:48 - 2017-08-31 01:49 - 000001043 _____ C:\Users\Arty\Desktop\Twitch.lnk
2017-08-31 01:47 - 2017-08-31 01:47 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Twitch Setup
2017-08-27 15:07 - 2017-09-07 02:07 - 000001034 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2017-08-27 15:07 - 2017-08-27 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 21:49 - 2017-07-14 19:10 - 000000000 ____D C:\Users\Arty\AppData\Local\Battle.net
2017-09-21 21:21 - 2017-07-13 15:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-21 20:26 - 2015-08-20 03:33 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-21 19:09 - 2017-03-14 17:46 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-21 19:09 - 2015-11-12 20:04 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2017-09-21 17:37 - 2017-07-13 15:23 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E79E71D6-B03B-4DC3-90B9-A073FA2360FC}
2017-09-21 12:25 - 2017-07-13 15:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-21 12:00 - 2017-07-13 15:23 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-09-21 12:00 - 2017-07-13 15:23 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-09-21 11:13 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-21 11:13 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-21 11:08 - 2017-07-13 15:23 - 000005596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-21 11:08 - 2017-07-13 15:08 - 000000000 ____D C:\Users\Arty
2017-09-21 11:08 - 2015-06-28 05:23 - 000000165 _____ C:\Users\Arty\AppData\Roaming\sp_data.sys
2017-09-21 11:07 - 2017-07-14 19:10 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-21 11:07 - 2017-07-13 15:47 - 000000000 ____D C:\Users\Arty\AppData\Local\Deployment
2017-09-21 11:06 - 2017-07-13 15:07 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-21 11:06 - 2017-07-11 10:22 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-21 11:06 - 2015-06-28 05:21 - 000000000 __SHD C:\Users\Arty\IntelGraphicsProfiles
2017-09-21 11:02 - 2017-07-13 15:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-19 01:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-18 22:52 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-18 22:49 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-18 22:44 - 2017-07-13 15:06 - 000000000 ____D C:\Program Files (x86)\Razer
2017-09-18 22:44 - 2015-08-03 04:22 - 000000000 ____D C:\Users\Arty\AppData\Local\Razer
2017-09-18 22:43 - 2017-07-13 15:06 - 000000000 ____D C:\ProgramData\Razer
2017-09-18 17:51 - 2016-04-28 20:55 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-18 15:43 - 2017-07-13 15:07 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-18 07:34 - 2017-07-13 15:23 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:34 - 2017-07-13 15:23 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:34 - 2017-07-13 15:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-18 07:32 - 2017-07-13 15:23 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:23 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:23 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:23 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:23 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:23 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-18 07:32 - 2017-07-13 15:07 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-18 07:31 - 2014-09-24 08:20 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-17 17:06 - 2017-04-07 18:49 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-09-17 17:06 - 2017-01-19 09:01 - 000000000 ____D C:\ProgramData\BSD
2017-09-17 16:46 - 2015-06-28 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-17 16:36 - 2017-07-13 15:03 - 000396784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-17 16:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-17 01:36 - 2016-04-09 00:13 - 000000000 ____D C:\Users\Arty\AppData\Local\CrashDumps
2017-09-15 00:10 - 2017-01-23 18:10 - 000000000 ____D C:\Users\Arty\AppData\Local\573A3EFB-3102-2C54-0FF0-624B9AC1A2B3
2017-09-15 00:10 - 2016-08-19 04:27 - 000000411 _____ C:\Users\Arty\AppData\Roaming\WB.CFG
2017-09-13 19:19 - 2016-05-04 11:16 - 000000000 ____D C:\Users\Arty\AppData\Roaming\discord
2017-09-13 19:18 - 2016-05-04 11:16 - 000000000 ____D C:\Users\Arty\AppData\Local\SquirrelTemp
2017-09-12 17:29 - 2015-06-28 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 17:27 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 17:27 - 2015-06-28 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 16:35 - 2017-01-25 06:14 - 000000000 ____D C:\Program Files (x86)\EloBuddy
2017-09-12 12:58 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 12:58 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-11 22:17 - 2016-01-11 15:04 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-09-11 21:42 - 2017-03-18 07:40 - 027787264 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-09 03:54 - 2017-07-26 23:04 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4254962026-1802304568-1504276143-1001
2017-09-09 03:54 - 2015-12-20 18:09 - 000002366 _____ C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 03:54 - 2015-06-28 08:22 - 000000000 ___RD C:\Users\Arty\OneDrive
2017-09-08 19:14 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-07 11:48 - 2014-09-24 06:14 - 000000000 ____D C:\WINDOWS\Log
2017-09-07 11:40 - 2017-02-20 01:14 - 000000000 ____D C:\Users\Arty\AppData\Local\{1C302A6C-3898-46D4-5500-633C71689FA4}
2017-09-07 11:14 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-07 05:59 - 2017-08-07 01:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-09-05 19:41 - 2015-09-08 16:32 - 000000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2017-09-02 18:20 - 2015-06-28 09:44 - 000000000 ____D C:\GOG Games
2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 11:36 - 2015-08-17 05:12 - 000000000 ____D C:\Program Files (x86)\Diablo III
2017-08-31 21:06 - 2016-01-11 14:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-31 11:22 - 2016-08-02 02:26 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-27 15:24 - 2017-08-07 23:23 - 000000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-08-27 15:03 - 2017-07-14 19:12 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Battle.net

==================== Files in the root of some directories =======

2017-02-01 09:57 - 2017-02-04 13:10 - 000016849 _____ () C:\Users\Arty\AppData\Roaming\Golanat
2017-01-23 18:10 - 2017-01-04 13:10 - 000000472 _____ () C:\Users\Arty\AppData\Roaming\install.log
2015-06-28 05:23 - 2017-09-21 11:08 - 000000165 _____ () C:\Users\Arty\AppData\Roaming\sp_data.sys
2016-08-19 04:27 - 2017-09-15 00:10 - 000000411 _____ () C:\Users\Arty\AppData\Roaming\WB.CFG
2015-08-26 09:21 - 2015-08-26 09:21 - 000007597 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2016-08-23 07:44 - 2016-08-23 07:44 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-24 08:20 - 2012-09-07 07:40 - 000000256 _____ () C:\ProgramData\SetStretch.cmd
2014-09-24 08:20 - 2009-07-22 06:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe
2014-09-24 08:20 - 2012-09-07 07:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
2017-09-17 17:49 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Arty\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-16 15:39

==================== End of FRST.txt ============================