PUP.OPTIONAL.SEARCHMANAGER won't stay removed


Hello everyone, I am having a problem removing Search Manager. I have used AdwCleaner, Malwarebytes and HitmanPro to no avail. Every time I remove it, it returns the next time I boot up Chrome. I have attempted to download a fixlist file in another closed thread, but the file was deleted. Any help is very appreciated.

I have tried the steps listed there and unfortunately Search Manager still comes up when I restart Chrome. 

Here is an FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Matt (administrator) on DESKTOP-GPRPUMN (26-03-2019 21:53:30)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: defaultuser0 & Matt)
Platform: Windows 10 Pro Version 1803 17134.648 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symless Ltd. -> ) C:\Program Files\Synergy\synergyd.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(UASSOFT.COM) [File not signed] C:\Program Files (x86)\5-button mouse\KMWDSrv.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Symless Ltd. -> ) C:\Program Files\Synergy\synergyc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() [File not signed] C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(UASSOFT.COM) [File not signed] C:\Program Files (x86)\5-button mouse\StartAutorun.exe
(UASSOFT.COM) [File not signed] C:\Program Files (x86)\5-button mouse\KMCONFIG.exe
(UASSOFT.COM) [File not signed] C:\Program Files (x86)\5-button mouse\KMProcess.exe
() [File not signed] C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTShellHlp.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19011.19410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Users\Matt\Downloads\adwcleaner_7.2.7.0 (1).exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-01-18] () [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [13388752 2017-01-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] () [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [UTB Install] => C:\Users\Matt\Desktop\Ultimate Twitch Bot 3\Ultimate Twitch Bot 3.exe [906240 2017-07-01] (BluNET) [File not signed]
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3144480 2019-02-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1384840 2018-10-04] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [Discord] => C:\Users\Matt\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [uTorrent] => C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [954560 2018-02-15] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35210128 2019-02-19] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [4069496 2016-12-26] (Appholly Technology Co., Ltd. -> i-Funbox.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-26] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{36b4c214-7f33-40d5-9cb2-46e414b24cfb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d06083a7-24b8-4537-a189-76698216d245}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing

FireFox:
========
FF DefaultProfile: 83gheeut.default
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\83gheeut.default [2019-03-26]
FF Homepage: Mozilla\Firefox\Profiles\83gheeut.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\83gheeut.default -> about:newtab
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-26] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-26] (Google Inc -> Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2019-03-26]
CHR Extension: (Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-26]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-26]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-26]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-26]
CHR Extension: (Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-26]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3009694946-3533960035-3964833221-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [560544 2017-10-13] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2019-01-05] (BattlEye Innovations e.K. -> )
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [6148288 2018-02-15] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2019-01-07] (FUTUREMARK INC -> Futuremark)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-03-25] (SurfRight B.V. -> SurfRight B.V.)
R2 KMWDSERVICE; C:\Program Files (x86)\5-button mouse\KMWDSrv.exe [201216 2009-10-08] (UASSOFT.COM) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2237392 2016-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737560 2019-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [310952 2016-10-31] (Symless Ltd. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALSysIO; C:\Users\Matt\AppData\Local\Temp\ALSysIO64.sys [46384 2019-03-24] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\drivers\atikmdag-patched\atikmdag.sys [38745152 2012-06-26] (Edgard Roberto Viera -> Advanced Micro Devices, Inc.) [File not signed]
R3 amdkmdag; C:\Windows\SysWOW64\drivers\atikmdag-patched\atikmdag.sys [38745152 2012-06-26] (Edgard Roberto Viera -> Advanced Micro Devices, Inc.) [File not signed]
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2016-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2018-09-20] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2018-09-20] (Disc Soft Ltd -> Disc Soft Ltd)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-04-18] (Elgato Systems LLC -> Elgato Systems GmbH)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 MZ0380.X64; C:\WINDOWS\system32\DRIVERS\eMZ0380.X64.SYS [3921032 2017-11-20] (Elgato Systems LLC -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-03-24] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-26 22:25 - 2019-03-26 19:48 - 088604672 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-03-26 22:18 - 2019-03-26 22:25 - 000000000 ___DC C:\WINDOWS\Microsoft Antimalware
2019-03-26 19:10 - 2019-03-26 19:35 - 000001588 ____C C:\Users\Matt\Downloads\Fixlog.txt
2019-03-26 18:53 - 2019-03-26 18:53 - 000003418 ____C C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-26 18:53 - 2019-03-26 18:53 - 000003294 ____C C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 18:53 - 2019-03-26 18:53 - 000002377 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-26 18:53 - 2019-03-26 18:53 - 000002336 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-25 23:25 - 2019-03-25 23:25 - 000057656 ____C C:\ProgramData\agent.uninstall.1553570707.bdinstall.v2.bin
2019-03-25 23:21 - 2019-03-25 23:21 - 046929441 ____C C:\Users\Matt\Downloads\MSIAfterburnerSetup (8).zip
2019-03-25 20:48 - 2019-03-25 20:48 - 000000000 ___DC C:\Users\Matt\AppData\Local\AdAwareDesktop
2019-03-25 20:47 - 2019-03-25 20:47 - 000000000 ___DC C:\Users\Matt\AppData\Local\AdAwareUpdater
2019-03-25 20:46 - 2019-03-25 20:46 - 002708912 ____C C:\Users\Matt\Downloads\Adaware_Installer.exe
2019-03-25 20:08 - 2019-03-26 18:53 - 000000000 ___DC C:\Program Files (x86)\Google
2019-03-25 20:07 - 2019-03-25 20:07 - 000012872 ____C (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-03-25 20:04 - 2019-03-25 20:07 - 000000000 ___DC C:\ProgramData\HitmanPro
2019-03-25 20:04 - 2019-03-25 20:04 - 000001966 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2019-03-25 20:04 - 2019-03-25 20:04 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-03-25 20:04 - 2019-03-25 20:04 - 000000000 ___DC C:\Program Files\HitmanPro
2019-03-25 19:37 - 2019-03-25 19:37 - 000001196 ____C C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-03-25 19:36 - 2019-03-25 19:36 - 000000000 ___DC C:\ProgramData\Bitdefender
2019-03-25 19:35 - 2019-03-25 19:35 - 010372016 ____C C:\Users\Matt\Downloads\bitdefender_online (1).exe
2019-03-25 19:35 - 2019-03-25 19:35 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\QuickScan
2019-03-25 19:34 - 2019-03-25 19:34 - 000076748 ____C C:\ProgramData\agent.update.1553556837.bdinstall.v2.bin
2019-03-25 19:29 - 2019-03-25 19:29 - 010372016 ____C C:\Users\Matt\Downloads\bitdefender_online.exe
2019-03-25 19:29 - 2019-03-25 19:29 - 000104736 ____C C:\ProgramData\agent.1553556571.bdinstall.v2.bin
2019-03-25 19:29 - 2019-03-25 19:29 - 000000000 ___DC C:\ProgramData\Bitdefender Agent
2019-03-25 18:41 - 2019-03-25 18:42 - 000074707 ____C C:\Users\Matt\Downloads\Addition.txt
2019-03-25 18:40 - 2019-03-26 21:54 - 000023199 ____C C:\Users\Matt\Downloads\FRST.txt
2019-03-25 18:40 - 2019-03-26 21:53 - 000000000 ___DC C:\FRST
2019-03-25 18:40 - 2019-03-25 18:40 - 002434048 ____C (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2019-03-24 22:28 - 2019-03-26 21:53 - 000063864 ____C C:\WINDOWS\ZAM_Guard.krnl.trace
2019-03-24 22:28 - 2019-03-25 19:34 - 000000000 ___DC C:\Program Files (x86)\Zemana AntiMalware
2019-03-24 22:28 - 2019-03-25 19:31 - 001462729 ____C C:\WINDOWS\ZAM.krnl.trace
2019-03-24 22:28 - 2019-03-24 22:28 - 012946608 ____C (Zemana Ltd. ) C:\Users\Matt\Downloads\Zemana.AntiMalware.Setup.exe
2019-03-24 22:28 - 2019-03-24 22:28 - 000203680 ____C (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-03-24 22:28 - 2019-03-24 22:28 - 000000000 ___DC C:\Users\Matt\AppData\Local\Zemana
2019-03-24 21:22 - 2019-03-24 21:22 - 007316688 ____C (Malwarebytes) C:\Users\Matt\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-24 21:19 - 2019-03-24 21:19 - 000000000 ___DC C:\AdwCleaner
2019-03-24 21:16 - 2019-03-24 21:16 - 007316688 ____C (Malwarebytes) C:\Users\Matt\Downloads\adwcleaner_7.2.7.0.exe
2019-03-22 19:35 - 2019-03-23 19:50 - 000000000 ___DC C:\WINDOWS\Minidump
2019-03-22 19:30 - 2019-03-22 19:30 - 000048768 ____C C:\ProgramData\PY3E765N2A.exe
2019-03-22 19:29 - 2019-03-22 19:29 - 000000000 ___DC C:\ProgramData\GS01W6BJFO4KKYEAO6JQ
2019-03-22 19:27 - 2019-03-25 20:07 - 000000000 _SHDC C:\ProgramData\wow64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.14393.0_ru-ru_421ec91d0cfe91bb
2019-03-22 19:27 - 2019-03-25 19:42 - 000000000 _SHDC C:\ProgramData\amd64_microsoft-windows-wmiv2-mdmappprov-dll_31bf3856ad364e35_10.0.14393.0_none_82b5a4f7c25404da
2019-03-22 19:27 - 2019-03-24 16:24 - 000000000 ___DC C:\WINDOWS\System32\Tasks\P-5-5-56-1302429561-1358580942-1206186732-6085
2019-03-22 19:27 - 2019-03-24 15:19 - 000000000 _SHDC C:\ProgramData\wow64_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_10.0.17134.1_none_c66a2e418f231f22
2019-03-22 19:27 - 2019-03-24 15:19 - 000000000 ___DC C:\WINDOWS\System32\Tasks\W-7-6-25-1202971079-1176348168-1166084766-5843
2019-03-22 19:27 - 2019-03-24 15:19 - 000000000 ___DC C:\WINDOWS\System32\Tasks\K-3-5-21-1326829104-1145703208-1066368450-7930
2019-03-22 19:27 - 2019-03-22 19:29 - 001246160 ____C (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-03-22 19:27 - 2019-03-22 19:29 - 000137168 ____C (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-03-22 19:27 - 2019-03-22 19:27 - 000048741 ____C C:\ProgramData\Y7XJUVK1BN.exe
2019-03-22 19:27 - 2019-03-22 19:27 - 000000000 ___DC C:\Users\Matt\AppData\Local\xmrig
2019-03-22 19:26 - 2019-03-22 19:27 - 000000000 ___DC C:\ProgramData\CM0W9GKJ4DM7GEURGY8E
2019-03-22 19:26 - 2019-03-22 19:26 - 003875672 ____C C:\Users\Matt\Downloads\KMSpico.zip
2019-03-22 18:58 - 2019-03-22 19:37 - 000000000 ___DC C:\ProgramData\rKATGqziJA
2019-03-22 18:54 - 2019-03-24 16:23 - 000722944 ____C C:\Users\Matt\AppData\Local\sha.db
2019-03-22 18:54 - 2019-03-22 18:54 - 002036751 ____C C:\Users\Matt\AppData\Local\Donfan.tst
2019-03-22 18:54 - 2019-03-22 18:54 - 000070992 ____C C:\Users\Matt\AppData\Local\Config.xml
2019-03-22 18:54 - 2019-03-22 18:54 - 000005568 ____C C:\Users\Matt\AppData\Local\md.xml
2019-03-22 18:49 - 2019-03-22 18:49 - 005323320 ____C C:\Users\Matt\Downloads\KMSPico 10.2.2 [DazTeam.TW].zip
2019-03-22 18:45 - 2019-03-22 18:45 - 002599473 ____C (AIMP DevTeam) C:\Users\Matt\Downloads\setup.exe
2019-03-18 20:47 - 2019-03-18 20:47 - 000003225 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E09.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:47 - 2019-03-18 20:47 - 000003205 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E10.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:47 - 2019-03-18 20:47 - 000003085 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E12.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:47 - 2019-03-18 20:47 - 000002904 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E11.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:46 - 2019-03-18 20:46 - 000003605 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E04.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:46 - 2019-03-18 20:46 - 000003525 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E07.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:46 - 2019-03-18 20:46 - 000003524 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E05.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:46 - 2019-03-18 20:46 - 000003385 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E06.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:46 - 2019-03-18 20:46 - 000003103 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E08.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:45 - 2019-03-18 20:45 - 000004086 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E02.PROPER.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:45 - 2019-03-18 20:45 - 000003525 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E03.AAC.MP4-Mobile [IPT].torrent
2019-03-18 20:44 - 2019-03-18 20:44 - 000004012 ____C C:\Users\Matt\Downloads\Riverdale.US.S03E01.iNTERNAL.AAC.MP4-Mobile [IPT].torrent
2019-03-13 03:16 - 2019-03-06 11:39 - 000720536 ____C (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-13 03:16 - 2019-03-06 11:37 - 001616608 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 03:16 - 2019-03-06 11:36 - 001047352 ____C (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 03:16 - 2019-03-06 11:20 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 03:16 - 2019-03-06 11:19 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-13 03:16 - 2019-03-06 11:17 - 012730368 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-13 03:16 - 2019-03-06 11:17 - 000810496 ____C C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 03:16 - 2019-03-06 11:17 - 000116736 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 03:16 - 2019-03-06 11:14 - 001180672 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 03:16 - 2019-03-06 11:14 - 000522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 03:16 - 2019-03-06 11:14 - 000488448 ____C (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 03:16 - 2019-03-06 11:13 - 004053504 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-13 03:16 - 2019-03-06 11:13 - 001856512 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-13 03:16 - 2019-03-06 11:13 - 001662976 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 03:16 - 2019-03-06 11:13 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 03:16 - 2019-03-06 11:12 - 001180672 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 03:16 - 2019-03-06 08:18 - 000918032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 03:16 - 2019-03-06 08:18 - 000607744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-13 03:16 - 2019-03-06 08:10 - 000044544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-13 03:16 - 2019-03-06 08:09 - 011919360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-13 03:16 - 2019-03-06 08:06 - 000425472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 03:16 - 2019-03-06 08:05 - 004054016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-13 03:16 - 2019-03-06 08:05 - 001586176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-13 03:16 - 2019-03-06 08:04 - 001471488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-13 03:16 - 2019-03-06 08:04 - 000423936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 03:16 - 2019-03-06 07:59 - 001008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 03:16 - 2019-03-06 05:29 - 001035040 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 03:16 - 2019-03-06 05:16 - 002822456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-13 03:16 - 2019-03-06 05:16 - 001457032 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-13 03:16 - 2019-03-06 05:16 - 001188000 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 03:16 - 2019-03-06 05:16 - 000776792 ____C (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-13 03:16 - 2019-03-06 05:16 - 000722744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-13 03:16 - 2019-03-06 05:16 - 000566568 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 03:16 - 2019-03-06 05:16 - 000527160 ____C (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-13 03:16 - 2019-03-06 05:11 - 000493880 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-13 03:16 - 2019-03-06 05:10 - 000248880 ____C (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-13 03:16 - 2019-03-06 05:07 - 001219896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-13 03:16 - 2019-03-06 05:07 - 001023800 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-13 03:16 - 2019-03-06 05:07 - 000376120 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-13 03:16 - 2019-03-06 05:06 - 009084216 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 03:16 - 2019-03-06 05:06 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-13 03:16 - 2019-03-06 05:06 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-13 03:16 - 2019-03-06 05:05 - 000439224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-13 03:16 - 2019-03-06 05:05 - 000436240 ____C (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-13 03:16 - 2019-03-06 05:05 - 000159864 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 03:16 - 2019-03-06 05:04 - 002765856 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-13 03:16 - 2019-03-06 05:04 - 000945464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-13 03:16 - 2019-03-06 05:04 - 000628024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-13 03:16 - 2019-03-06 05:03 - 007519896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 03:16 - 2019-03-06 05:03 - 002719544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-13 03:16 - 2019-03-06 05:03 - 002465784 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-13 03:16 - 2019-03-06 05:03 - 001921848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-13 03:16 - 2019-03-06 05:03 - 000793400 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-13 03:16 - 2019-03-06 05:03 - 000412984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-13 03:16 - 2019-03-06 05:03 - 000375608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-13 03:16 - 2019-03-06 05:02 - 002421048 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-13 03:16 - 2019-03-06 05:02 - 001257672 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-13 03:16 - 2019-03-06 05:02 - 001140480 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-13 03:16 - 2019-03-06 05:02 - 000982912 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-13 03:16 - 2019-03-06 05:02 - 000626488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-13 03:16 - 2019-03-06 04:44 - 025856512 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-13 03:16 - 2019-03-06 04:36 - 022716928 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-13 03:16 - 2019-03-06 04:36 - 004383744 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 03:16 - 2019-03-06 04:34 - 004866048 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-13 03:16 - 2019-03-06 04:33 - 000046080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-13 03:16 - 2019-03-06 04:32 - 003399168 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 03:16 - 2019-03-06 04:32 - 000358912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-13 03:16 - 2019-03-06 04:32 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 007598592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 002368512 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 001826816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000808448 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000353792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-13 03:16 - 2019-03-06 04:31 - 000279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 03:16 - 2019-03-06 04:31 - 000266752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-13 03:16 - 2019-03-06 04:31 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 03:16 - 2019-03-06 04:29 - 002364928 ____C (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-13 03:16 - 2019-03-06 04:29 - 002174976 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 03:16 - 2019-03-06 04:29 - 001559552 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 03:16 - 2019-03-06 04:29 - 000736256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-13 03:16 - 2019-03-06 04:28 - 004937728 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 03:16 - 2019-03-06 04:28 - 001803776 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-13 03:16 - 2019-03-06 04:27 - 002224640 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-13 03:16 - 2019-03-06 04:27 - 000776192 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-13 03:16 - 2019-03-06 04:27 - 000542720 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-13 03:16 - 2019-03-06 04:27 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-13 03:16 - 2019-03-06 04:26 - 000868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 03:16 - 2019-03-06 04:26 - 000073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-13 03:16 - 2019-03-06 04:26 - 000031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-13 03:16 - 2019-03-06 04:25 - 000093696 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-13 03:16 - 2019-03-06 03:08 - 000001310 ____C C:\WINDOWS\system32\tcbres.wim
2019-03-13 03:16 - 2019-03-06 02:17 - 001989040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-13 03:16 - 2019-03-06 02:17 - 000146712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-13 03:16 - 2019-03-06 02:15 - 002253488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-13 03:16 - 2019-03-06 02:15 - 000434488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-13 03:16 - 2019-03-06 02:14 - 006568528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 03:16 - 2019-03-06 02:14 - 000785568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-13 03:16 - 2019-03-06 02:14 - 000665224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-13 03:16 - 2019-03-06 02:14 - 000450872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-13 03:16 - 2019-03-06 02:14 - 000380728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-13 03:16 - 2019-03-06 02:13 - 000607248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-13 03:16 - 2019-03-06 02:05 - 022018048 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-13 03:16 - 2019-03-06 01:56 - 019404288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-13 03:16 - 2019-03-06 01:53 - 005307392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-13 03:16 - 2019-03-06 01:53 - 003711488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-13 03:16 - 2019-03-06 01:52 - 005790720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-13 03:16 - 2019-03-06 01:52 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-13 03:16 - 2019-03-06 01:52 - 000261632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-13 03:16 - 2019-03-06 01:51 - 000561152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-13 03:16 - 2019-03-06 01:51 - 000333824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-13 03:16 - 2019-03-06 01:51 - 000032768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-13 03:16 - 2019-03-06 01:50 - 001628160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-13 03:16 - 2019-03-06 01:50 - 001347584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-13 03:16 - 2019-03-06 01:50 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-13 03:16 - 2019-03-06 01:49 - 004516352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 03:16 - 2019-03-06 01:49 - 000318464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-13 03:16 - 2019-03-06 01:49 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-13 03:16 - 2019-03-06 01:48 - 000669696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-13 03:16 - 2019-03-06 01:48 - 000533504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-13 03:16 - 2019-02-20 23:26 - 000313344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 002871304 ____C (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-13 03:16 - 2019-02-16 09:02 - 001644040 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000808456 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000735752 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000620040 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000460296 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000322568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-13 03:16 - 2019-02-16 09:02 - 000147464 ____C (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 03:16 - 2019-02-16 09:02 - 000071176 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 002266936 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 001786672 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 001627448 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 001424696 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 001048472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 001038136 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000954168 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000830264 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000825144 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000749880 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000670008 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000652088 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000506088 ____C (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-13 03:16 - 2019-02-16 08:57 - 000495416 ____C (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000399672 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000257848 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000231224 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-03-13 03:16 - 2019-02-16 08:57 - 000228152 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000201528 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-03-13 03:16 - 2019-02-16 08:57 - 000183608 ____C (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2019-03-13 03:16 - 2019-02-16 08:57 - 000180528 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-03-13 03:16 - 2019-02-16 08:57 - 000172856 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-03-13 03:16 - 2019-02-16 08:57 - 000034104 ____C C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-03-13 03:16 - 2019-02-16 08:56 - 000549520 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-13 03:16 - 2019-02-16 08:56 - 000540984 ____C (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-13 03:16 - 2019-02-16 08:53 - 001516416 ____C (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-13 03:16 - 2019-02-16 08:36 - 000127488 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 03:16 - 2019-02-16 08:34 - 004718080 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 03:16 - 2019-02-16 08:34 - 001725952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 03:16 - 2019-02-16 08:34 - 000302080 ____C (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-13 03:16 - 2019-02-16 08:33 - 002194432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-13 03:16 - 2019-02-16 08:33 - 001786880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-13 03:16 - 2019-02-16 08:32 - 003646976 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-13 03:16 - 2019-02-16 08:32 - 002051072 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 03:16 - 2019-02-16 08:32 - 001127936 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-03-13 03:16 - 2019-02-16 08:31 - 001271808 ____C (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-13 03:16 - 2019-02-16 08:31 - 001186816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-03-13 03:16 - 2019-02-16 08:31 - 001003520 ____C (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-13 03:16 - 2019-02-16 08:31 - 000861184 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-13 03:16 - 2019-02-16 08:31 - 000615424 ____C (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-13 03:16 - 2019-02-16 08:30 - 002019840 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 03:16 - 2019-02-16 08:30 - 000877568 ____C (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 03:16 - 2019-02-16 08:29 - 000174080 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 03:16 - 2019-02-16 08:29 - 000091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 03:16 - 2019-02-16 08:25 - 001539896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-03-13 03:16 - 2019-02-16 08:25 - 000148784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2019-03-13 03:16 - 2019-02-16 08:24 - 000444176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-13 03:16 - 2019-02-16 08:22 - 001322176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-13 03:16 - 2019-02-16 08:08 - 000373760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-13 03:16 - 2019-02-16 08:07 - 001307648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-13 03:16 - 2019-02-16 08:07 - 000484352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-13 03:16 - 2019-02-16 08:06 - 002890752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-13 03:16 - 2019-02-16 08:06 - 001530880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-13 03:16 - 2019-02-16 08:06 - 001451520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-13 03:16 - 2019-02-16 08:06 - 000774656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-13 03:16 - 2019-02-16 08:06 - 000765952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-13 03:16 - 2019-02-16 08:04 - 000080384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-13 03:16 - 2019-02-16 08:02 - 000055808 ____C (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-03-13 03:16 - 2019-02-16 07:55 - 000070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-03-13 03:16 - 2019-02-16 06:24 - 023862272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 03:16 - 2019-02-16 06:22 - 019525120 ____C (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 03:16 - 2019-02-16 04:16 - 000511800 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-13 03:16 - 2019-02-16 04:15 - 000505656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-13 03:16 - 2019-02-16 04:15 - 000035640 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 03:16 - 2019-02-16 04:05 - 000087800 ____C (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-13 03:16 - 2019-02-16 04:04 - 000193032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-13 03:16 - 2019-02-16 04:03 - 007901392 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 03:16 - 2019-02-16 04:03 - 005625360 ____C (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-13 03:16 - 2019-02-16 04:03 - 000510288 ____C (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-13 03:16 - 2019-02-16 04:02 - 005821440 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-13 03:16 - 2019-02-16 04:02 - 003291632 ____C (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-13 03:16 - 2019-02-16 04:02 - 001934800 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-13 03:16 - 2019-02-16 04:02 - 001792712 ____C (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-13 03:16 - 2019-02-16 04:02 - 000705848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-13 03:16 - 2019-02-16 04:02 - 000432952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-13 03:16 - 2019-02-16 04:02 - 000413712 ____C (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 001285424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-13 03:16 - 2019-02-16 04:01 - 001209696 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 001098056 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 001028920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-13 03:16 - 2019-02-16 04:01 - 001014344 ____C (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000735464 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000641984 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000594024 ____C (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-13 03:16 - 2019-02-16 04:01 - 000527160 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000480840 ____C (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000335672 ____C (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-13 03:16 - 2019-02-16 04:01 - 000161664 ____C (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 03:16 - 2019-02-16 03:57 - 000383288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-13 03:16 - 2019-02-16 03:53 - 000443632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-13 03:16 - 2019-02-16 03:51 - 002479168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-13 03:16 - 2019-02-16 03:51 - 001584536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-13 03:16 - 2019-02-16 03:51 - 000170952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 001805648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 001171336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 001130568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 001011872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 000560384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-13 03:16 - 2019-02-16 03:50 - 000504072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-13 03:16 - 2019-02-16 03:37 - 009084928 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-13 03:16 - 2019-02-16 03:36 - 007057408 ____C (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-13 03:16 - 2019-02-16 03:36 - 000144384 ____C (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-13 03:16 - 2019-02-16 03:35 - 008188928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 03:16 - 2019-02-16 03:35 - 006661632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-13 03:16 - 2019-02-16 03:34 - 005883904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-13 03:16 - 2019-02-16 03:34 - 000095232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-13 03:16 - 2019-02-16 03:34 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 006646784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 004708864 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 000119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 000054272 ____C (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 000043520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-13 03:16 - 2019-02-16 03:33 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-13 03:16 - 2019-02-16 03:32 - 002969088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-13 03:16 - 2019-02-16 03:32 - 000173568 ____C (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 03:16 - 2019-02-16 03:31 - 002825728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 03:16 - 2019-02-16 03:31 - 000392704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-13 03:16 - 2019-02-16 03:31 - 000141312 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 03:16 - 2019-02-16 03:31 - 000126976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 002449408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 001986560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 001124352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 000530432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 000357888 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 000254464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-13 03:16 - 2019-02-16 03:30 - 000145920 ____C (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-13 03:16 - 2019-02-16 03:29 - 001768448 ____C (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-13 03:16 - 2019-02-16 03:29 - 000304128 ____C (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 003381248 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 002585600 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 001668096 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 000713216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 000705024 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-13 03:16 - 2019-02-16 03:28 - 000528384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-13 03:16 - 2019-02-16 03:27 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-13 03:16 - 2019-02-16 03:27 - 000729088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-13 03:16 - 2019-02-16 03:27 - 000686592 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 03:16 - 2019-02-16 03:26 - 001459712 ____C (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-13 03:16 - 2019-02-16 03:26 - 001225216 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-13 03:16 - 2019-02-16 03:26 - 000943616 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 03:16 - 2019-02-16 03:26 - 000935424 ____C (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-13 03:16 - 2019-02-16 03:26 - 000401920 ____C (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-13 03:16 - 2019-02-16 03:25 - 000884224 ____C (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-13 03:16 - 2019-02-16 03:25 - 000652800 ____C (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-12 13:11 - 2018-09-20 00:12 - 001483576 ____C (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-03-11 17:28 - 2019-03-11 17:28 - 000000000 ___DC C:\Users\Matt\.android
2019-03-11 17:27 - 2019-03-11 17:27 - 000000000 ___DC C:\Users\Matt\Desktop\platform-tools
2019-03-11 17:26 - 2019-03-11 17:26 - 006183783 ____C C:\Users\Matt\Downloads\platform-tools_r28.0.1-windows.zip
2019-03-09 00:35 - 2019-03-09 00:35 - 000067609 ____C C:\Users\Matt\Downloads\Kyle Abel and 314 others.vcf
2019-03-09 00:35 - 2019-03-09 00:35 - 000000181 ____C C:\Users\Matt\Downloads\Kyle Abel.vcf
2019-03-03 17:52 - 2019-03-03 17:52 - 000001129 ____C C:\Users\Public\Desktop\iFunbox.lnk
2019-03-03 17:52 - 2019-03-03 17:52 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2019-03-03 17:52 - 2019-03-03 17:52 - 000000000 ___DC C:\Program Files (x86)\i-Funbox DevTeam
2019-03-03 17:49 - 2019-03-03 17:49 - 000001816 ____C C:\Users\Public\Desktop\iTunes.lnk
2019-03-03 17:49 - 2019-03-03 17:49 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-03-03 17:49 - 2019-03-03 17:49 - 000000000 ___DC C:\Program Files\iPod
2019-03-03 17:48 - 2019-03-03 17:49 - 000000000 ___DC C:\Program Files\iTunes
2019-03-03 17:46 - 2019-03-03 17:46 - 000000000 ___DC C:\WINDOWS\System32\Tasks\Apple
2019-03-03 17:46 - 2019-03-03 17:46 - 000000000 ___DC C:\Program Files (x86)\Apple Software Update
2019-02-27 20:04 - 2019-02-27 20:04 - 000000989 ____C C:\Users\Matt\Desktop\Core Temp.lnk
2019-02-27 20:04 - 2019-02-27 20:04 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2019-02-27 20:04 - 2019-02-27 20:04 - 000000000 ___DC C:\Program Files\Core Temp
2019-02-27 20:03 - 2019-02-27 20:03 - 001256768 ____C (ALCPU ) C:\Users\Matt\Downloads\Core-Temp-setup.exe
2019-02-26 23:59 - 2019-02-26 23:59 - 039514610 ____C C:\Users\Matt\Downloads\MSIAfterburnerSetup (7).zip
2019-02-26 23:28 - 2019-02-26 23:28 - 019229160 ____C (Microsoft Corporation) C:\Users\Matt\Downloads\MediaCreationTool1809.exe
2019-02-26 23:28 - 2019-02-26 23:28 - 000000000 ___DC C:\$WINDOWS.~BT
2019-02-24 23:22 - 2019-02-24 23:22 - 039514610 ____C C:\Users\Matt\Downloads\MSIAfterburnerSetup (6).zip
2019-02-24 23:20 - 2019-02-26 23:52 - 000000000 ___DC C:\WINDOWS\Panther

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-26 21:48 - 2018-07-05 21:19 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
2019-03-26 21:48 - 2018-04-11 19:38 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2019-03-26 19:53 - 2018-07-05 21:28 - 000838560 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-26 19:53 - 2018-04-11 19:36 - 000000000 ___DC C:\WINDOWS\INF
2019-03-26 19:49 - 2018-07-05 21:25 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2019-03-26 19:49 - 2016-12-16 23:37 - 000000000 ___DC C:\ProgramData\NVIDIA
2019-03-26 19:48 - 2018-07-05 21:25 - 000003140 ____C C:\WINDOWS\System32\Tasks\MSIAfterburner
2019-03-26 19:48 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-26 19:48 - 2017-07-02 15:18 - 000065536 ____C C:\WINDOWS\system32\spu_storage.bin
2019-03-26 18:25 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\AppReadiness
2019-03-26 17:40 - 2018-07-05 21:25 - 000004166 ____C C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DAE8B86C-7831-4B07-869F-5858260A9972}
2019-03-26 12:00 - 2018-07-05 21:25 - 000003544 ____C C:\WINDOWS\System32\Tasks\ASUS Live Update1
2019-03-26 12:00 - 2018-07-05 21:25 - 000003534 ____C C:\WINDOWS\System32\Tasks\ASUS Live Update2
2019-03-26 02:00 - 2017-05-20 02:00 - 000000000 ___DC C:\Users\Matt\AppData\Local\Adobe
2019-03-25 23:48 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-25 23:39 - 2017-07-17 01:11 - 000000000 ___DC C:\Users\Matt\Desktop\Stream and screens
2019-03-25 23:24 - 2018-07-05 21:21 - 000000000 ___DC C:\Users\Matt
2019-03-25 23:24 - 2018-04-11 19:38 - 000000000 __HDC C:\WINDOWS\ELAMBKUP
2019-03-25 23:24 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-25 23:04 - 2016-12-16 23:25 - 000000000 ___DC C:\Program Files\Synergy
2019-03-25 21:12 - 2018-06-10 22:16 - 159568166 ____C C:\Users\Matt\Downloads\bin_1_9_0_3.zip
2019-03-25 21:12 - 2017-12-20 20:34 - 148974717 ____C C:\Users\Matt\Downloads\bin_1_8_2_0.zip
2019-03-25 21:11 - 2018-02-23 02:14 - 005193151 ____C C:\Users\Matt\Downloads\NHML-1.8.1.8.zip
2019-03-25 21:11 - 2017-12-20 20:36 - 142572259 ____C C:\Users\Matt\Downloads\bin_1_8_1_5.zip
2019-03-25 21:11 - 2017-12-10 23:16 - 004143775 ____C C:\Users\Matt\Downloads\Claymore.s.Dual.Ethereum.Decred_Siacoin_Lbry_Pascal.AMD.NVIDIA.GPU.Miner.v10.0.zip
2019-03-25 21:11 - 2017-07-02 15:27 - 007363093 ____C C:\Users\Matt\Downloads\Claymore's Dual Ethereum+Decred_Siacoin_Lbry_Pascal AMD+NVIDIA GPU Miner v9.6 - Catalyst 15.12-17.x - CUDA 8.0_7.5_6.5.zip
2019-03-25 21:11 - 2017-07-02 15:27 - 007363093 ____C C:\Users\Matt\Desktop\Claymore's Dual Ethereum+Decred_Siacoin_Lbry_Pascal AMD+NVIDIA GPU Miner v9.6 - Catalyst 15.12-17.x - CUDA 8.0_7.5_6.5.zip
2019-03-25 19:42 - 2017-11-02 21:33 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\Electroneum
2019-03-25 19:42 - 2017-07-02 15:27 - 000000000 ___DC C:\Users\Matt\Downloads\Claymore's Dual Ethereum+Decred_Siacoin_Lbry_Pascal AMD+NVIDIA GPU Miner v9.6
2019-03-25 18:20 - 2017-07-14 03:05 - 000001080 ____C C:\Users\Matt\Desktop\SpeedFan.lnk
2019-03-25 18:20 - 2017-07-14 03:05 - 000000000 ___DC C:\Program Files (x86)\SpeedFan
2019-03-24 22:30 - 2018-06-10 23:05 - 000000000 ___DC C:\Users\Matt\Desktop\NH2
2019-03-24 22:30 - 2018-06-10 22:49 - 000000000 ___DC C:\Users\Matt\Desktop\nhm_windows_1.9.0.3
2019-03-24 22:22 - 2018-03-24 04:14 - 000000000 ___DC C:\Users\Matt\AppData\Local\Packages
2019-03-24 22:22 - 2016-12-17 03:16 - 000000000 __RDC C:\Users\Matt\OneDrive
2019-03-22 19:55 - 2016-12-16 23:24 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-03-22 19:55 - 2016-12-16 23:24 - 000000000 ___DC C:\Program Files\KMSpico
2019-03-22 19:51 - 2017-04-08 22:08 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\discord
2019-03-22 19:32 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2019-03-22 19:21 - 2018-01-04 23:28 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Software
2019-03-22 19:21 - 2018-01-04 23:28 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\brave
2019-03-22 19:21 - 2018-01-04 23:28 - 000000000 ___DC C:\Users\Matt\AppData\Local\brave
2019-03-22 18:57 - 2016-12-16 23:32 - 000000000 ___DC C:\Users\Matt\AppData\Local\Google
2019-03-22 18:55 - 2017-02-24 14:17 - 000000000 ___DC C:\Users\Matt\AppData\LocalLow\Mozilla
2019-03-22 18:46 - 2016-12-17 03:15 - 000000000 ___DC C:\Users\Matt\AppData\Local\VirtualStore
2019-03-21 18:55 - 2017-02-23 22:34 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\obs-studio
2019-03-21 18:17 - 2019-01-17 23:43 - 000000000 ___DC C:\Users\Matt\AppData\LocalLow\uTorrent
2019-03-21 18:17 - 2016-12-20 23:34 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\uTorrent
2019-03-19 22:44 - 2018-01-11 23:08 - 000000000 ___DC C:\Program Files\rempl
2019-03-18 22:15 - 2017-04-12 23:13 - 000000000 ___DC C:\Users\Matt\AppData\Local\Discord
2019-03-18 22:15 - 2017-04-08 22:08 - 000002277 ____C C:\Users\Matt\Desktop\Discord.lnk
2019-03-18 22:14 - 2018-07-05 21:19 - 000233880 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-18 22:13 - 2018-04-12 05:20 - 000000000 ___DC C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 __SDC C:\WINDOWS\system32\UNP
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\TextInput
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\system32\oobe
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\system32\appraiser
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\ShellExperiences
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ___DC C:\WINDOWS\bcastdvr
2019-03-18 22:13 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-14 04:02 - 2018-04-11 19:30 - 000000000 ___DC C:\WINDOWS\CbsTemp
2019-03-13 03:17 - 2018-11-13 22:50 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-03-13 03:17 - 2018-11-13 22:50 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-03-13 03:15 - 2016-12-16 23:43 - 000000000 ___DC C:\WINDOWS\system32\MRT
2019-03-13 03:13 - 2016-12-16 23:43 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-04 21:03 - 2019-02-07 23:44 - 000000000 ___DC C:\Program Files (x86)\Origin
2019-03-03 17:52 - 2017-01-24 21:21 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\iFunbox_UserCache
2019-03-03 17:46 - 2017-11-03 14:49 - 000002535 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-03-03 12:54 - 2018-04-11 19:41 - 000835480 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 12:54 - 2018-04-11 19:41 - 000179608 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-26 23:58 - 2018-07-05 21:27 - 000000000 ___DC C:\Users\Matt\AppData\Local\D3DSCache
2019-02-26 23:52 - 2017-07-30 11:57 - 000000000 ___DC C:\ESD
2019-02-26 23:51 - 2016-12-21 02:36 - 000000000 ___DC C:\Users\Matt\Desktop\Ultimate Twitch Bot 3
2019-02-26 23:37 - 2016-12-22 20:20 - 000000000 ___DC C:\Program Files (x86)\Steam
2019-02-25 00:07 - 2019-01-23 22:43 - 000000000 ___DC C:\Users\Matt\Documents\3DMark
2019-02-24 23:20 - 2018-04-11 19:38 - 000000000 __SDC C:\WINDOWS\SysWOW64\F12
2019-02-24 23:20 - 2018-04-11 19:38 - 000000000 __SDC C:\WINDOWS\system32\F12
2019-02-24 09:55 - 2019-02-07 23:43 - 000000000 ___DC C:\Users\Matt\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2019-03-22 19:27 - 2019-03-22 19:29 - 000137168 ____C (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-03-22 19:27 - 2019-03-22 19:29 - 001246160 ____C (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-03-22 19:30 - 2019-03-22 19:30 - 000048768 ____C () C:\ProgramData\PY3E765N2A.exe
2019-03-22 19:27 - 2019-03-22 19:27 - 000048741 ____C () C:\ProgramData\Y7XJUVK1BN.exe
2019-03-22 18:54 - 2019-03-22 18:54 - 000070992 ____C () C:\Users\Matt\AppData\Local\Config.xml
2019-03-22 18:54 - 2019-03-22 18:54 - 002036751 ____C () C:\Users\Matt\AppData\Local\Donfan.tst
2019-03-22 18:54 - 2019-03-22 18:54 - 000005568 ____C () C:\Users\Matt\AppData\Local\md.xml
2018-09-26 15:24 - 2018-09-26 15:24 - 000000000 ____C () C:\Users\Matt\AppData\Local\oobelibMkey.log
2017-07-28 20:31 - 2017-07-28 20:31 - 000004432 ____C () C:\Users\Matt\AppData\Local\recently-used.xbel
2017-09-01 23:48 - 2019-01-23 22:30 - 000007608 ____C () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2019-03-22 18:54 - 2019-03-24 16:23 - 000722944 ____C () C:\Users\Matt\AppData\Local\sha.db
2019-03-22 18:54 - 2019-03-22 18:54 - 000032038 ____C () C:\Users\Matt\AppData\Local\uninstall_temp.ico

Some files in TEMP:
====================
2019-03-25 18:20 - 2019-03-25 18:20 - 000192512 ____C () C:\Users\Matt\AppData\Local\Temp\sfamcc00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-05 21:19

==================== End of FRST.txt ============================


  • Root Admin

Yes, that's what I'm trying to demonstrate. It is a setting in Google Chrome that is allowing this. You can try the article again, or you can try the following method which is a bit more aggressive at cleaning Chrome. 

Please export your Chrome bookmarks (if you have any) to a safe location outside of any Google Chrome folders.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • Open Chrome and at the top right, click the ellipsis icon and then More tools and then Extensions
  • Write down the list of Extensions installed.
  • Next, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks
Restart your computer now and make sure there are no longer any redirects or other browser issues and let me know the results

Thanks

Ron

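The profile-folder steps in the post above (record the installed extensions, then delete everything under `%localappdata%\Google\Chrome\User Data\Default\` except `Bookmarks` and `Bookmarks.bak`), as an added Python example that is not part of the original post. The function names, the dry-run default and reading extension names from `Extensions\<id>\<version>\manifest.json` are assumptions of this example; the sync reset still has to be done in the browser, and Chrome must be closed before running it.

```python
import json
import os
import shutil
from pathlib import Path

KEEP = {"Bookmarks", "Bookmarks.bak"}  # the two files the post says to unselect


def default_profile() -> Path:
    """The folder named in the post, resolved from %localappdata%."""
    base = Path(os.environ.get("LOCALAPPDATA", ""))
    return base / "Google" / "Chrome" / "User Data" / "Default"


def list_extensions(profile: Path) -> list:
    """Return (extension id, manifest name) pairs to write down before the reset."""
    found = []
    for manifest in sorted(profile.glob("Extensions/*/*/manifest.json")):
        try:
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "?")
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        found.append((manifest.parent.parent.name, name))
    return found


def reset_profile(profile: Path, dry_run: bool = True) -> list:
    """Remove every entry in the profile folder except the bookmark files.

    Returns the names removed, or the names that would be removed when
    dry_run is True (nothing is touched in that case).
    """
    removed = []
    for entry in sorted(profile.iterdir()):
        if entry.name in KEEP:
            continue
        if not dry_run:
            if entry.is_dir() and not entry.is_symlink():
                shutil.rmtree(entry)
            else:
                entry.unlink()
        removed.append(entry.name)
    return removed


if __name__ == "__main__":
    prof = default_profile()
    if prof.is_dir():
        for ext_id, ext_name in list_extensions(prof):
            print(ext_id, ext_name)
        print("would remove:", reset_profile(prof, dry_run=True))
```

Review the dry-run output first, then call `reset_profile(prof, dry_run=False)` to perform the deletion.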

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks