Solved Computer is laggy, especially while browsing

jcorvin

Please help

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Brandon (administrator) on ACERI5 (01-08-2017 18:43:50)
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon (Available Profiles: Brandon)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\UPDD916.tmp
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\UPDD481.tmp
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [Start WingMan Profiler] => [X]
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-08-01] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A2A1C2B1-BCAC-420C-82B4-3DF9A15A81AC}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B70EDA39-35EB-4E7F-8E7A-2ECAC6F45200}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001 -> {64AF5761-D3F9-4C3F-8C9B-6823DDB6C274} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001 -> {7DEA6271-F62B-45DC-A3A8-BEB0D1DB36B5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140609&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-06-19] (McAfee, Inc.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-03] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-06-19] (McAfee, Inc.)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-10-05] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-03] (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-10-05] ()
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-06-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-06-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-06-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-06-19] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C214US662D20140609&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default [2017-08-01]
CHR Extension: (Google Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-03-10]
CHR Extension: (Google Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-03]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-03]
CHR Extension: (Google Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-08-01] (SUPERAntiSpyware.com)
S2 0113001501545192mcinstcleanup; C:\Windows\TEMP\011300~1.EXE [883024 2017-07-31] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
R2 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [179216 2017-06-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-01 18:43 - 2017-08-01 18:44 - 000022628 _____ C:\Users\Brandon\Downloads\FRST.txt
2017-08-01 18:43 - 2017-08-01 18:43 - 000000000 ____D C:\FRST
2017-08-01 18:42 - 2017-08-01 18:42 - 002381312 _____ (Farbar) C:\Users\Brandon\Downloads\FRST64.exe
2017-07-31 19:52 - 2017-06-29 20:27 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-31 19:52 - 2017-06-29 20:27 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-17 16:33 - 2017-07-06 04:52 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-17 16:33 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-17 16:33 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-17 16:33 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-17 16:33 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-17 16:33 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-17 16:33 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-17 16:33 - 2017-06-29 01:17 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-17 16:33 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-17 16:33 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-17 16:33 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-17 16:33 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-17 16:33 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-17 16:33 - 2017-06-29 00:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-17 16:33 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-17 16:33 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-17 16:33 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-17 16:33 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-17 16:33 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-17 16:33 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-17 16:33 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-17 16:33 - 2017-06-27 10:29 - 007796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-17 16:33 - 2017-06-27 10:29 - 007077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-17 16:33 - 2017-06-27 10:26 - 005274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-17 16:33 - 2017-06-27 10:26 - 005268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-17 16:33 - 2017-06-22 10:22 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-17 16:33 - 2017-06-17 12:45 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-17 16:33 - 2017-06-17 12:34 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-17 16:33 - 2017-06-17 12:11 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-17 16:33 - 2017-06-17 12:05 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-17 16:33 - 2017-06-15 18:02 - 000990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-17 16:33 - 2017-06-15 09:45 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-17 16:33 - 2017-06-15 09:45 - 001534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-17 16:33 - 2017-06-15 09:45 - 001370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-17 16:33 - 2017-06-11 20:06 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-17 16:33 - 2017-06-11 18:21 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-17 16:33 - 2017-06-11 17:43 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-17 16:33 - 2017-06-11 17:25 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-17 16:33 - 2017-06-11 17:15 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-17 16:33 - 2017-06-11 17:08 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-17 16:33 - 2017-06-11 17:07 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-17 16:33 - 2017-06-11 17:00 - 000962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-17 16:33 - 2017-06-11 16:58 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-17 16:33 - 2017-06-11 16:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-17 16:33 - 2017-06-11 16:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-17 16:33 - 2017-06-11 16:31 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-17 16:33 - 2017-06-11 11:15 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-17 16:33 - 2017-06-06 16:52 - 003120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-17 16:33 - 2017-06-06 16:42 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-17 16:33 - 2017-06-06 16:38 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-17 16:33 - 2017-06-06 16:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-17 16:33 - 2017-06-06 16:36 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-17 16:33 - 2017-06-06 16:35 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-17 16:33 - 2017-06-06 15:13 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-17 16:33 - 2017-06-06 15:08 - 002712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-17 16:33 - 2017-06-06 15:03 - 000837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-17 16:33 - 2017-06-06 14:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-17 16:33 - 2017-06-06 14:57 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-17 16:33 - 2017-06-06 14:56 - 000375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-17 16:33 - 2017-06-06 14:03 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-17 16:33 - 2017-06-03 12:27 - 002346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-17 16:33 - 2017-06-03 12:03 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-17 16:33 - 2017-05-31 17:20 - 000470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-17 16:33 - 2017-05-15 18:09 - 000057688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-17 16:33 - 2017-05-15 16:03 - 000379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-17 16:33 - 2017-05-09 10:37 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-17 16:33 - 2017-05-09 10:35 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-17 16:33 - 2017-05-09 10:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-17 16:33 - 2017-05-09 10:29 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-17 16:33 - 2017-05-09 10:28 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-17 16:33 - 2017-05-09 10:28 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-17 16:33 - 2017-05-09 10:12 - 000448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-17 16:33 - 2017-05-06 12:45 - 001114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-17 16:33 - 2017-05-06 12:41 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-17 16:33 - 2017-05-02 16:09 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-17 16:33 - 2017-05-02 16:08 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-17 16:33 - 2017-05-02 16:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-17 16:33 - 2017-05-02 14:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-17 16:33 - 2017-05-02 14:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-17 16:33 - 2017-05-02 14:31 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-17 16:33 - 2017-05-02 13:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-17 16:33 - 2017-04-30 12:48 - 000080078 _____ C:\Windows\system32\normidna.nls
2017-07-17 16:33 - 2017-04-27 21:13 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-17 16:33 - 2017-04-27 21:11 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-17 16:33 - 2016-05-18 17:54 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2017-07-17 16:33 - 2016-05-18 17:15 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-07-16 19:59 - 2017-07-16 19:59 - 000000000 ____D C:\Users\Brandon\AppData\Local\CEF
2017-07-05 19:33 - 2017-05-11 19:36 - 022361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-05 19:33 - 2017-05-11 19:32 - 019788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-05 19:33 - 2017-04-02 10:49 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-07-05 19:32 - 2017-06-02 08:15 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-05 19:32 - 2017-06-02 08:06 - 001001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-05 19:32 - 2017-06-02 08:01 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-05 19:32 - 2017-06-02 07:03 - 000903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-05 19:32 - 2017-05-15 15:58 - 000121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-07-05 19:32 - 2017-05-14 16:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-05 19:32 - 2017-05-14 16:19 - 001364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-05 19:32 - 2017-05-14 15:04 - 000315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-05 19:32 - 2017-05-14 15:03 - 000373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-05 19:32 - 2017-05-14 14:06 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-05 19:32 - 2017-05-14 14:06 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-05 19:32 - 2017-05-12 12:16 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-05 19:32 - 2017-05-12 12:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-05 19:32 - 2017-05-11 22:58 - 001985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-05 19:32 - 2017-05-11 22:48 - 001377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-05 19:32 - 2017-05-11 22:18 - 003714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-05 19:32 - 2017-05-10 14:19 - 000101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-05 19:32 - 2017-05-06 12:05 - 001094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-05 19:32 - 2017-05-06 12:04 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-05 19:32 - 2017-04-06 13:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-07-05 19:32 - 2017-04-06 12:50 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-05 19:32 - 2017-04-06 12:46 - 000434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-05 19:32 - 2017-04-06 12:35 - 001362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-05 19:32 - 2017-04-06 12:15 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-05 19:32 - 2017-04-06 11:44 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-07-05 19:31 - 2017-06-02 08:12 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-05 19:31 - 2017-06-02 08:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-05 19:31 - 2017-06-02 06:25 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-05 19:31 - 2017-06-02 06:24 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-05 19:31 - 2017-06-02 06:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-05 19:31 - 2017-06-02 05:43 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-05 19:31 - 2017-05-14 14:13 - 000136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-05 19:31 - 2017-05-12 13:05 - 000035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-05 19:31 - 2017-05-12 11:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-05 19:31 - 2017-05-12 11:50 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-05 19:31 - 2017-05-12 11:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-05 19:31 - 2017-05-12 11:47 - 000726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-05 19:31 - 2017-05-12 00:10 - 000044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-05 19:31 - 2017-05-11 22:11 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-05 19:31 - 2017-05-11 22:10 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-05 19:31 - 2017-05-11 22:07 - 000409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-07-05 19:31 - 2017-05-11 22:06 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-05 19:31 - 2017-05-11 22:04 - 000897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-05 19:31 - 2017-05-11 22:00 - 002240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-05 19:31 - 2017-04-06 13:37 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-05 19:31 - 2017-04-06 12:46 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-05 19:31 - 2017-02-10 15:06 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-05 19:31 - 2017-02-01 15:44 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-05 19:31 - 2017-02-01 15:42 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 09:36 - 2014-01-15 03:44 - 000000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2017-08-01 18:37 - 2016-12-03 14:39 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-01 18:36 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-07-31 20:52 - 2014-06-09 02:15 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123904499-927742330-4291546209-1001
2017-07-31 19:57 - 2013-12-16 00:01 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-31 19:51 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-31 19:50 - 2013-08-22 10:44 - 000436784 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-17 16:45 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-07-17 16:42 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2017-07-17 16:40 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-07-16 20:28 - 2014-06-09 02:53 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\.minecraft
2017-07-16 19:59 - 2016-03-20 17:25 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-07-16 19:58 - 2016-03-20 17:30 - 000000994 _____ C:\Users\Brandon\Desktop\nativelog.txt
2017-07-16 19:56 - 2015-10-27 17:44 - 000000000 ____D C:\ProgramData\panda_url_filtering
2017-07-16 19:56 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-07-05 19:06 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2015-12-12 16:37 - 1999-10-20 18:40 - 000636928 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\AdvTelop.dll
2015-12-12 16:37 - 1999-10-20 18:40 - 000699392 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Champagn.dll
2015-12-12 16:37 - 1999-05-17 18:53 - 000001078 ____N () C:\Program Files (x86)\ControllerSettings.ico
2015-12-12 16:43 - 2000-04-12 05:46 - 000053248 _____ (SEGA.COM) C:\Program Files (x86)\GOTOHEAT.EXE
2015-12-12 16:37 - 2000-08-07 16:11 - 000630784 ____N () C:\Program Files (x86)\LAUNCH.EXE
2015-12-12 16:37 - 1999-10-20 18:44 - 000642048 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MainMode.dll
2015-12-12 16:37 - 1999-06-11 19:13 - 000045056 _____ () C:\Program Files (x86)\miscdll.dll
2015-12-12 16:37 - 1999-05-23 21:34 - 000000000 _____ () C:\Program Files (x86)\MPDATA.DAT
2015-12-12 16:37 - 1999-06-01 15:22 - 000000000 _____ () C:\Program Files (x86)\MPDATA.TMP
2015-12-12 16:37 - 1999-10-20 18:40 - 001137152 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSelect.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_E.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_F.dll
2015-12-12 16:37 - 1999-05-31 16:49 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_G.dll
2015-12-12 16:37 - 1999-05-31 06:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_I.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_J.dll
2015-12-12 16:37 - 1999-11-02 15:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_S.dll
2015-12-12 16:37 - 1999-10-20 18:44 - 000767488 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Options.dll
2015-12-12 16:37 - 1999-04-27 18:45 - 000057344 _____ () C:\Program Files (x86)\PASSWORD.dll
2015-12-12 16:42 - 2000-09-18 12:53 - 000019777 _____ () C:\Program Files (x86)\README.txt
2015-12-12 16:37 - 1999-10-20 18:45 - 001146880 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Record.dll
2015-12-12 16:37 - 1999-10-20 18:45 - 000792576 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\ReplayGallery.dll
2015-12-12 16:37 - 2015-12-12 16:38 - 001472000 ____N (Sega Enterprises, Ltd.) C:\Program Files (x86)\SEGA RALLY 2.exe
2015-12-12 16:37 - 1999-10-20 18:45 - 000615424 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\SegaLogo.dll
2015-12-12 16:37 - 1999-02-15 22:30 - 000141824 _____ () C:\Program Files (x86)\spcArcdll.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000000100 _____ () C:\Program Files (x86)\SR2.CFG
2015-12-12 16:42 - 1999-05-31 07:20 - 000045056 _____ () C:\Program Files (x86)\SR2_MSG.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000029456 _____ () C:\Program Files (x86)\SR2_SAVE.DAT
2015-12-12 16:37 - 1999-10-20 18:45 - 000637952 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Title.dll
2015-12-12 16:37 - 2015-12-12 17:01 - 000628516 _____ () C:\Program Files (x86)\Uninst.isu
2015-12-12 16:37 - 2000-06-14 14:12 - 000612352 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\VendorLogo.dll
2014-06-12 10:05 - 2014-06-12 10:05 - 000035840 ___SH () C:\Users\Brandon\AppData\Roaming\Thumbs.db
2014-01-15 03:44 - 2014-01-15 03:44 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-09 02:23 - 2014-06-09 02:23 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
2017-07-31 20:15 - 2017-07-31 20:15 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct149D.tmp.exe
2017-07-16 20:03 - 2017-07-16 20:03 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct1E49.tmp.exe
2017-07-16 20:04 - 2017-07-16 20:04 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct2512.tmp.exe
2017-07-31 20:13 - 2017-07-31 20:13 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct2890.tmp.exe
2017-07-31 20:20 - 2017-07-31 20:20 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct2DC7.tmp.exe
2017-07-31 20:11 - 2017-07-31 20:11 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct3D8D.tmp.exe
2017-07-31 20:18 - 2017-07-31 20:18 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct4576.tmp.exe
2017-07-31 20:10 - 2017-07-31 20:10 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct4606.tmp.exe
2017-07-31 20:07 - 2017-07-31 20:07 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct50FE.tmp.exe
2017-07-31 20:08 - 2017-07-31 20:08 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct514E.tmp.exe
2017-07-16 20:00 - 2017-07-16 20:01 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct643B.tmp.exe
2017-07-31 20:05 - 2017-07-31 20:05 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct6AF5.tmp.exe
2017-07-16 20:02 - 2017-07-16 20:02 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct7173.tmp.exe
2017-07-31 20:02 - 2017-07-31 20:02 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct782E.tmp.exe
2017-07-31 20:19 - 2017-07-31 20:19 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct81F5.tmp.exe
2017-07-31 20:03 - 2017-07-31 20:03 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct883D.tmp.exe
2017-07-31 20:20 - 2017-07-31 20:20 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct8F49.tmp.exe
2017-07-31 20:15 - 2017-07-31 20:15 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct910C.tmp.exe
2017-07-16 20:04 - 2017-07-16 20:04 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct9549.tmp.exe
2017-07-31 20:14 - 2017-07-31 20:14 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\oct9E0A.tmp.exe
2017-07-31 20:21 - 2017-07-31 20:21 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octA814.tmp.exe
2017-07-31 20:17 - 2017-07-31 20:17 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octAFE1.tmp.exe
2017-07-31 20:12 - 2017-07-31 20:12 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octB190.tmp.exe
2017-07-16 20:02 - 2017-07-16 20:02 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octBEA2.tmp.exe
2017-07-31 20:11 - 2017-07-31 20:11 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octC266.tmp.exe
2017-07-31 20:03 - 2017-07-31 20:03 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octC7A.tmp.exe
2017-07-31 20:06 - 2017-07-31 20:06 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octCED2.tmp.exe
2017-07-31 20:01 - 2017-07-31 20:01 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octD088.tmp.exe
2017-07-31 20:09 - 2017-07-31 20:09 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octD1C5.tmp.exe
2017-07-31 20:16 - 2017-07-31 20:16 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octD9B.tmp.exe
2017-07-31 20:08 - 2017-07-31 20:08 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octDE74.tmp.exe
2017-07-16 20:01 - 2017-07-16 20:01 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octE6C5.tmp.exe
2017-07-31 20:04 - 2017-07-31 20:04 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octE762.tmp.exe
2017-07-31 20:04 - 2017-07-31 20:04 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octE9F.tmp.exe
2017-07-31 20:18 - 2017-07-31 20:18 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octECCD.tmp.exe
2017-07-31 20:06 - 2017-07-31 20:06 - 067289280 _____ (SweetLabs,Inc.) C:\Users\Brandon\AppData\Local\Temp\octF87B.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-17 19:01

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Brandon (01-08-2017 18:46:33)
Running from C:\Users\Brandon\Downloads
Windows 8.1 (Update) (X64) (2014-06-09 06:09:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1123904499-927742330-4291546209-500 - Administrator - Disabled)
Brandon (S-1-5-21-1123904499-927742330-4291546209-1001 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-1123904499-927742330-4291546209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1123904499-927742330-4291546209-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3006 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3014 - Acer Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-798af528-50bf-4694-a200-9b96a2fe9a7f) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-411cc428-4f33-4d9d-bce5-dabe320c2788) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-dd2ac1c0-7b1d-4a16-83c2-03a3084375b0) (Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Pokki) (Version: 0.269.7.783 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
iExplorer 3.8.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-0f747c3d-6880-4ea8-833c-63f13badcb64) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-72cd91f0-6c13-4fe8-b0c3-6cf7b94c8602) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.07 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{293AA48A-DFC2-4F7D-9ED7-1A0F25CB5368}) (Version: 8.04.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.)
Peggle Nights (HKLM-x32\...\WTA-8a7d75b7-b255-4103-af25-26f3bf0019df) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-080fb413-2b0c-43ad-9ff3-1b7e1597e630) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)
SEGA RALLY 2 (HKLM-x32\...\SEGA RALLY 2) (Version: - )
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-d6007307-c8ab-44eb-bed5-77c5e59325dc) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-3aea57b8-d140-48cf-b48d-788f3fdaaadc) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
WingMan Software (HKLM-x32\...\{435673AB-6821-416D-806A-E477DFA60A42}) (Version: 4.20 - Logitech)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZip Computing, S.L.)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27E04B6B-8CBC-480F-A360-D1AEDFCBDB60} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {2BA48461-B0A4-4CD2-AF43-D5F113152CB4} - \Prelauncher -> No File <==== ATTENTION
Task: {3759A2D7-DA08-44F5-B606-584FE9A5F82C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0746ad06-7dbb-44e5-ac88-48dfe6bf6f62 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {4C0F55E9-2D7A-4FB7-AA9A-B500C253CF20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-03] (Google Inc.)
Task: {4FBF0370-DFF5-44B6-9BC2-249EFC892A49} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5EBBAA7B-0395-4280-BE05-3040E922BD3B} - \{353FAED2-EA1F-4DCE-A29F-1AC4C5277C35} -> No File <==== ATTENTION
Task: {6123947E-3F6A-47B8-9F00-64959B71F4DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {66683958-634D-4AFF-ABB3-9C2F69676183} - \Power Management -> No File <==== ATTENTION
Task: {6A23E752-E558-477A-A96A-2D2215C1B332} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-27] (Acer Incorporated)
Task: {716B0B38-AA3E-4C18-8A8C-61E8A1238516} - \{B97575D0-9F3C-4E7A-8C15-412D2CB0A2FF} -> No File <==== ATTENTION
Task: {71C4564D-DCC7-46E0-A87B-CA466D3A881E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {7309C6C8-279E-4B06-BB04-74FBA2ABEE4C} - \Pokki -> No File <==== ATTENTION
Task: {74FC5A31-ADE6-4D55-92A9-C73964D7DFF5} - System32\Tasks\SUPERAntiSpyware Scheduled Task d208e487-526b-4de4-8b55-570392b0f54b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {78F11E08-9C76-45F2-8634-7E649098DBE0} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {880E1F8A-67D4-4D77-A0E4-C6429E5BFB4F} - \prelauncher_First -> No File <==== ATTENTION
Task: {A7E8CB14-A617-4D50-8DBA-9C088F16D845} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-03] (Google Inc.)
Task: {B2C7D0EB-BD1F-4D86-9C6B-5549F4EF0D81} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-09-13] (Acer Incorporated)
Task: {BFDB152E-87E3-4799-9897-BAA48E8E4DFE} - \Screen Grasp GestureDetection -> No File <==== ATTENTION
Task: {C523E1A2-15AD-4A53-83F5-1B23C3001107} - System32\Tasks\{B434E1F3-FC8F-4636-9855-EA0D7FEEEB17} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\control.exe -d C:\Windows\SysWOW64 -c "C:\Windows\SysWOW64\sr2_cpl.cpl",
Task: {D2CE8B43-AA29-4088-A32E-014E180C59B4} - \Touch Tools Launcher -> No File <==== ATTENTION
Task: {F17B4C93-CB99-4567-B92A-18A981DEAD41} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {F7E979B8-5E06-4FDC-B496-8DB9652CB087} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0746ad06-7dbb-44e5-ac88-48dfe6bf6f62.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d208e487-526b-4de4-8b55-570392b0f54b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Brandon\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=adnlfjpnmidfimlkaohpidplnoimahfh
ShortcutWithArgument: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=adnlfjpnmidfimlkaohpidplnoimahfh
ShortcutWithArgument: C:\Users\Public\Desktop\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default

==================== Loaded Modules (Whitelisted) ==============

2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-09 17:13 - 2013-09-09 17:13 - 000050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2013-09-25 07:04 - 2013-09-25 07:04 - 000011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 07:01 - 2013-09-25 07:01 - 000086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 07:08 - 2013-09-25 07:08 - 000012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2017-06-30 18:54 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-30 18:54 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2013-01-29 16:28 - 2013-01-29 16:28 - 000109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 16:28 - 2013-01-29 16:28 - 000055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2015-05-24 14:55 - 2015-05-24 14:55 - 000101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2015-05-24 14:56 - 2015-05-24 14:56 - 001782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2013-04-12 13:23 - 2013-04-12 13:23 - 000612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-01-15 03:39 - 2013-09-16 15:20 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D116C8D9-CEA0-4829-9242-AABD4CE085D3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4A0B499D-F187-45B2-839D-FF7BAE526144}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{33DBC11E-1EDA-4B28-8DEC-F7C47EBF6B1D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7FF4C6E9-D498-4BDE-8C33-506BA01401DD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F3DFB9BE-7569-4628-BD9E-0C415FBE97EE}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4235766D-287D-4845-84D0-5A0A764DBC2D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{FC35BC78-A7E9-4865-876C-94CEAF5DF2A1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A1D0511A-C3A0-4C6F-9C25-49B44C8E14F9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1BCA69BD-DC44-4676-BA9E-57F5605A2C79}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{AF908593-69B2-4CB7-B07A-CCEB2A144EB0}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{35C30AC2-CCEB-4970-B764-35C75DDA2288}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{627338D1-2649-444D-8C7A-32869D7B83EC}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{276DE69E-2A2B-4138-AD9C-642EA1D08431}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{32F08CA8-466C-43C2-866B-5C123E8F6DAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{37719F36-4097-458D-99E6-BE5195B46CCC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E00D346C-22D3-445A-A21C-CEC93A8C45B2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{B5A11760-FC49-481F-8BEB-93D9147B63FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A18B220A-D2A6-4F0D-A69F-37FCBB242030}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{06616D13-90E1-4EA5-B232-A5E8C65166A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6B442212-B6AA-4B66-86AA-8D4AD27D94BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{25F179AD-BB48-4F3D-A49C-9E88B5E7CAAC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{9BBADF6F-9599-4F81-A779-3BC11F63FA2B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E5C40BF0-F999-4B81-8DF1-EB5ABD50C946}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E9669AD5-939B-4104-AE36-B6E7CBA109E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{4AE990DF-FEFF-476C-AE13-AD6C1850B60D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{888C7E47-2EE5-4CB7-B7A5-AAB4FB12F15D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DCC47D20-9951-46CC-A1D5-E1152CDF010E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{EA44727C-C103-4CB9-A2DF-606C241AC97B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{65CD2C3C-1E00-4523-BEFE-5D9DDD780AD7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{1B330949-3645-4802-968F-FF4D2F150C77}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{99280DA9-581B-40AC-A3A5-093A469C4AA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{042A9EE1-25DA-4146-A08F-9A0334669F19}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2C035EA4-5959-4FB3-A1A9-C0FB614136CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0FC3D221-73A6-44E3-BF83-ADA962E8109B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{70897726-89A3-436C-9FDB-C788545F9400}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{BA4F413E-3A38-497A-973B-610A810224A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CD2DEFCE-B70D-4F9F-8D3F-142409778BB8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FF5829EA-C0EF-4A38-8F93-B43FA680FB49}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8523DB26-BB1A-4CA6-986E-DE982276A011}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{0ED46883-4A3C-4AED-B9C5-D334CF5C033C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{8FC9C821-FC52-4F79-AB2F-EDBBE30D01D9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{0630B701-594C-4B70-A815-C9BCFF5382AD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{50E38946-51B9-4058-84D9-378650D0D3C9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C9D99022-2963-4095-9FA1-792E75610CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{179A0428-E367-4A58-A2FB-5465A25947F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53F527F4-E22F-454F-948E-CD44D6E5C590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A3C3E7B-DE23-4898-8F5F-11BCA368664D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{870BC07C-B803-4CD7-AD55-76B762A6ECDB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3E6E3C55-7200-4B8F-88D5-E5B65C7F9E75}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{6DC0C16A-5627-462C-8564-154FCA53F6D1}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{66A650AB-B362-480A-A063-8F0DB8C82397}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{C7358CC5-A8A2-470A-911E-9DA4D2A88F7B}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [TCP Query User{27BA62EC-F8CB-4C27-A3E6-68E1BF866D80}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{8A986E2F-C525-495D-908F-279F9E2D8BB9}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{DB71F892-A98E-4DEF-89AE-D7ADD3B7BDFE}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{079FC1A9-D0BD-4234-AF94-25EB7C4DB27B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{384665DC-28E3-4C68-8EB4-0D591D4AD7CF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C60374D2-62A4-4FA0-8565-F2ABBBD12C07}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{AB9BA782-255D-4FBC-B883-D94B0F4218B7}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{D7D480A2-0E78-4EE4-A068-A3B6A212EBB2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{4FA88D29-7EA9-47BC-98A2-B94248AFBE5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-03-2017 15:59:23 Windows Update
15-05-2017 16:07:44 Windows Update
10-06-2017 17:59:16 Windows Update
16-07-2017 19:56:55 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2017 06:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x12b8
Faulting application start time: 0x01d30b1465b302ff
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a520b344-7707-11e7-8298-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 06:20:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/01/2017 05:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x11b0
Faulting application start time: 0x01d30b0c0355e2ed
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 42bd9d92-76ff-11e7-8298-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 05:20:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/01/2017 04:20:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x1810
Faulting application start time: 0x01d30b03a0f8f3fe
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: e0593351-76f6-11e7-8298-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 04:20:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/01/2017 03:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x195c
Faulting application start time: 0x01d30afb3e9b0da3
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 7df25921-76ee-11e7-8298-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 03:20:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/01/2017 02:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x1130
Faulting application start time: 0x01d30af2dc3efd5c
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 1be1f6b2-76e6-11e7-8298-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 02:20:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()


System errors:
=============
Error: (07/05/2017 07:19:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/22/2017 07:39:45 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/17/2017 06:52:03 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (05/17/2017 06:51:51 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/09/2017 08:56:12 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (03/09/2017 08:56:09 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server Microsoft.ZuneMusic.AppXvxb9s7zej6xyenm55xj417dfm5jm8jhd.wwa did not register with DCOM within the required timeout.

Error: (03/09/2017 08:56:08 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server Microsoft.ZuneVideo.AppXba8ttwvb62e7xa2arhf0db5b38051pmg.wwa did not register with DCOM within the required timeout.

Error: (03/09/2017 07:22:30 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {E44E9428-BDBC-4987-A099-40DC8FD255E7} did not register with DCOM within the required timeout.

Error: (03/08/2017 09:52:00 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (03/08/2017 09:52:00 PM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 6024.27 MB
Available physical RAM: 3628.84 MB
Total Virtual: 24456.27 MB
Available Virtual: 21798.98 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.69 GB) (Free:833.94 GB) NTFS
Drive d: (SEGARALLY2) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E4B6584)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

Uninstall the following unwanted program: Amazon 1Button App.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.9.0 (x64) [Aug 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Brandon [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/03/2017 22:50:59 (Duration : 12:21:29)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\SweetLabs App Platform -> Found
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\SweetLabs App Platform -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} -> Found
[PUP.Pokki|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki -> Found
[PUP.Pokki|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Found
[PUP.Gen1|VT.not-a-virus:WebToolbar.Win32.Visicom.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DB68B195-EAD1-489B-9FE4-9BECBDE6EFB0} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\cleanupie.exe|Name=Panda Safe Web IE Cleaner| [7] -> Found
[PUP.Gen1|VT.not-a-virus:WebToolbar.Win32.Visicom.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8CBD053A-1A1C-46CF-AF51-4E2A5D002593} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\cleanupie.exe|Name=Panda Safe Web IE Cleaner| [7] -> Found
[PUP.Gen1|VT.not-a-virus:WebToolbar.Win32.Visicom.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4985CC7-7BE2-4A26-98D5-A7089118D6DB} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [7] -> Found
[PUP.Gen1|VT.not-a-virus:WebToolbar.Win32.Visicom.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C0D59C9-05B6-4108-80DA-A08BA60CF786} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 13 ¤¤¤
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"03d432a7e610c3e908213e7689d4342ce2111caf" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"f22abfeae27a67446927d078890381efc546d3e1" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"menu" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][Folder] C:\Users\Brandon\AppData\Local\Pokki -> Found
[PUP.Gen1][Folder] C:\Users\Brandon\AppData\Local\YSearchUtil -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\pokki.exe /OPEN03d432a7e610c3e908213e7689d4342ce2111caf -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\pandasecuritytb -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"03d432a7e610c3e908213e7689d4342ce2111caf" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"f22abfeae27a67446927d078890381efc546d3e1" -> Found
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk [LNK@] C:\Users\Brandon\AppData\Local\Pokki\Engine\ServiceHostApp.exe /OPEN"menu" -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] b2475f3df005d2a741187196a32d33d3
[BSP] c8eb5a02e8dc1a3fb7a3a33a6049c5a3 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 936644 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1919944704 | Size: 16396 MB
User = LL1 ... OK
User = LL2 ... OK
 
Amazon 1 button does not show uninstall in remove programs, just repair or change. I could not find it in change. I am ok with keeping it if it is not a performance issue.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/4/17
Scan Time: 6:49 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2511
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: AcerI5\Brandon

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325519
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 06 10:42:24 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 07-31-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Panda, panda_url_filtering


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\pandasecuritytb
PUP.Optional.Legacy, C:\Program Files (x86)\pandasecuritytb
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\pandasecuritytb
PUP.Optional.Legacy, C:\Users\Brandon\AppData\LocalLow\pandasecuritytb
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Public\Pokki
PUP.Optional.Panda, C:\Program Files\Panda Security URL Filtering


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\All Users\Desktop\eBay.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\eBay.lnk
PUP.Optional.Legacy, C:\Users\Brandon\Desktop\Youtube.lnk
PUP.Optional.Legacy, C:\Users\Brandon\Desktop\Continue installation .lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Pokki


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dl.niceminecraft.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gang-beasts.en.softonic.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\niceminecraft.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Directory\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Drive\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
PUP.Adware.Heuristic, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
PUP.Adware.Heuristic, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
Sorry, I missed that one. I will get it this evening. Is the rogue log ok? I could not get the after to cut and paste. Too big, I guess, even split up. It would not paste.
 
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 07 09:47:03 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: panda_url_filtering


***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\pandasecuritytb
Deleted: C:\Program Files (x86)\pandasecuritytb
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\pandasecuritytb
Deleted: C:\Users\Brandon\AppData\LocalLow\pandasecuritytb
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki
Deleted: C:\Program Files\Panda Security URL Filtering


***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\eBay.lnk
Deleted: C:\Users\Public\Desktop\eBay.lnk
Deleted: C:\Users\Brandon\Desktop\Youtube.lnk
Deleted: C:\Users\Brandon\Desktop\Continue installation .lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Pokki


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dl.niceminecraft.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gang-beasts.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\niceminecraft.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Deleted: [Key] - HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4389 B] - [2017/8/6 10:42:24]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64
Ran by Brandon (Administrator) on Mon 08/07/2017 at 5:55:59.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 8

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7DEA6271-F62B-45DC-A3A8-BEB0D1DB36B5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/07/2017 at 6:03:13.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Oh, yes...sorry about it :)

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Ran by Brandon (administrator) on ACERI5 (07-08-2017 22:11:40)
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon (Available Profiles: Brandon)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELANMicroelectronicsCorp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (RealtekSemiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (RealtekSemiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (AppleInc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (AppleInc.)
HKLM-x32\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (OracleCorporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (PandaSecurity,S.L.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [Start WingMan Profiler] => [X]
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoSCorporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoSCorporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A2A1C2B1-BCAC-420C-82B4-3DF9A15A81AC}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B70EDA39-35EB-4E7F-8E7A-2ECAC6F45200}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001 -> {64AF5761-D3F9-4C3F-8C9B-6823DDB6C274} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-07-25] (McAfee,Inc.)
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-03] (OracleCorporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-07-25] (McAfee,Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-03] (OracleCorporation)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-07-25] (McAfee,Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-07-25] (McAfee,Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-07-25] (McAfee,Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-07-25] (McAfee,Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C214US662D20140609&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default [2017-08-07]
CHR Extension: (Google Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-03-10]
CHR Extension: (Google Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-03]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-03]
CHR Extension: (Google Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (AppleInc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows(R)Win7DDKprovider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (AcerIncorporated)
R2 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (AcerIncorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELANMicroelectronicsCorp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO:<Companyname>) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (IntelCorporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (AcerIncorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-07-25] (McAfee,Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee,Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee,Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (PandaSecurity,S.L.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (SymantecCorporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (PandaSecurity,S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (PandaSecurity,S.L.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (MicrosoftCorporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (MicrosoftCorporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (QualcommAtherosCommunications,Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (BroadcomCorporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (QualcommAtheros)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoSCorporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (SymantecCorporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee,Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 ETD; C:\Windows\system32\DRIVERS\ETD.sys [370504 2013-09-06] (ELANMicroelectronicsCorp.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (AcerIncorporated)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-08-07] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (IntelCorporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee,Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee,Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee,Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee,Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee,Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee,Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee,Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (PandaSecurity,S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (PandaSecurity,S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (PandaSecurity,S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (PandaSecurity,S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (PandaSecurity,S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (PandaSecurity,S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [88400 2016-06-29] (PandaSecurity,S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (PandaSecurity,S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (PandaSecurity,S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (PandaSecurity,S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (PandaSecurity,S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (PandaSecurity,S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (PandaSecurity,S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (PandaSecurity,S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (PandaSecurity,S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (PandaSecurity,S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (PandaSecurity,S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (PandaSecurity,S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (PandaSecurity,S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (PandaSecurity,S.L.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (AcerIncorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.comandSUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.comandSUPERAntiSpyware.com)
S0 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIATechnologies,Inc.)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIATechnologiesInc.,Ltd)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (MicrosoftCorporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (MicrosoftCorporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (MicrosoftCorporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-07 22:11 - 2017-08-07 22:11 - 000000000 ____D C:\Users\Brandon\Downloads\FRST-OlderVersion
2017-08-07 21:51 - 2017-08-07 21:51 - 000001202 _____ C:\Users\Brandon\Desktop\malwarebytes scan.txt
2017-08-07 06:03 - 2017-08-07 06:03 - 000001692 _____ C:\Users\Brandon\Desktop\JRT.txt
2017-08-07 05:51 - 2017-08-07 05:51 - 001790024 _____ (Malwarebytes) C:\Users\Brandon\Downloads\JRT.exe
2017-08-07 05:49 - 2016-08-08 05:00 - 000070360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-08-06 06:39 - 2017-08-07 05:47 - 000000000 ____D C:\AdwCleaner
2017-08-06 06:39 - 2017-08-06 06:39 - 008185288 _____ (Malwarebytes) C:\Users\Brandon\Downloads\AdwCleaner.exe
2017-08-04 18:47 - 2017-08-04 18:47 - 001236128 _____ C:\Users\Brandon\Desktop\roguekiller after.txt
2017-08-04 18:43 - 2017-08-04 18:48 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-04 18:42 - 2017-08-07 20:56 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-04 18:42 - 2017-08-07 05:49 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-04 18:42 - 2017-08-07 05:49 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-04 18:42 - 2017-08-07 05:49 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-04 18:42 - 2017-08-04 18:42 - 000001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-04 18:42 - 2017-08-04 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-04 18:42 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-04 18:41 - 2017-08-04 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-04 18:38 - 2017-08-04 18:38 - 065033984 _____ (Malwarebytes ) C:\Users\Brandon\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-03 22:51 - 2017-08-03 22:51 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-08-03 08:02 - 2017-08-03 08:02 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
2017-08-03 08:02 - 2017-08-03 08:02 - 000002228 _____ C:\Users\Public\Desktop\Panda Protection.lnk
2017-08-03 08:02 - 2017-08-03 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
2017-08-03 07:55 - 2017-08-04 18:47 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-03 07:37 - 2017-08-03 07:37 - 000000874 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-03 07:37 - 2017-08-03 07:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-03 07:37 - 2017-08-03 07:37 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-03 07:34 - 2017-08-03 07:35 - 035664000 _____ (Adlice Software ) C:\Users\Brandon\Downloads\RogueKiller_setup_ref3.exe
2017-08-01 20:03 - 2017-08-01 20:03 - 000001824 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-08-01 20:03 - 2017-08-01 20:03 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2017-08-01 20:03 - 2017-08-01 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-01 20:02 - 2017-08-01 20:02 - 030371416 _____ (SUPERAntiSpyware) C:\Users\Brandon\Downloads\SUPERAntiSpyware (3).exe
2017-08-01 20:02 - 2017-08-01 20:02 - 030371416 _____ (SUPERAntiSpyware) C:\Users\Brandon\Downloads\SUPERAntiSpyware (2).exe
2017-08-01 20:02 - 2017-08-01 20:02 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-08-01 19:59 - 2017-08-01 19:59 - 030371416 _____ (SUPERAntiSpyware) C:\Users\Brandon\Downloads\SUPERAntiSpyware (1).exe
2017-08-01 18:46 - 2017-08-01 18:47 - 000045892 _____ C:\Users\Brandon\Downloads\Addition.txt
2017-08-01 18:43 - 2017-08-07 22:12 - 000021589 _____ C:\Users\Brandon\Downloads\FRST.txt
2017-08-01 18:43 - 2017-08-07 22:11 - 000000000 ____D C:\FRST
2017-08-01 18:42 - 2017-08-07 22:11 - 002381312 _____ (Farbar) C:\Users\Brandon\Downloads\FRST64.exe
2017-07-31 19:52 - 2017-06-29 20:27 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-31 19:52 - 2017-06-29 20:27 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-17 16:33 - 2017-07-06 04:52 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-17 16:33 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-17 16:33 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-17 16:33 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-17 16:33 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-17 16:33 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-17 16:33 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-17 16:33 - 2017-06-29 01:17 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-17 16:33 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-17 16:33 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-17 16:33 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-17 16:33 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-17 16:33 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-17 16:33 - 2017-06-29 00:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-17 16:33 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-17 16:33 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-17 16:33 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-17 16:33 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-17 16:33 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-17 16:33 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-17 16:33 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-17 16:33 - 2017-06-27 10:29 - 007796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-17 16:33 - 2017-06-27 10:29 - 007077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-17 16:33 - 2017-06-27 10:26 - 005274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-17 16:33 - 2017-06-27 10:26 - 005268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-17 16:33 - 2017-06-22 10:22 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-17 16:33 - 2017-06-17 12:45 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-17 16:33 - 2017-06-17 12:34 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-17 16:33 - 2017-06-17 12:11 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-17 16:33 - 2017-06-17 12:05 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-17 16:33 - 2017-06-15 18:02 - 000990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-17 16:33 - 2017-06-15 09:45 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-17 16:33 - 2017-06-15 09:45 - 001534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-17 16:33 - 2017-06-15 09:45 - 001370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-17 16:33 - 2017-06-15 09:45 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-17 16:33 - 2017-06-11 20:06 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-17 16:33 - 2017-06-11 18:21 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-17 16:33 - 2017-06-11 17:43 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-17 16:33 - 2017-06-11 17:25 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-17 16:33 - 2017-06-11 17:15 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-17 16:33 - 2017-06-11 17:08 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-17 16:33 - 2017-06-11 17:07 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-17 16:33 - 2017-06-11 17:00 - 000962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-17 16:33 - 2017-06-11 16:58 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-17 16:33 - 2017-06-11 16:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-17 16:33 - 2017-06-11 16:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-17 16:33 - 2017-06-11 16:31 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-17 16:33 - 2017-06-11 11:15 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-17 16:33 - 2017-06-06 16:52 - 003120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-17 16:33 - 2017-06-06 16:42 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-17 16:33 - 2017-06-06 16:38 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-17 16:33 - 2017-06-06 16:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-17 16:33 - 2017-06-06 16:36 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-17 16:33 - 2017-06-06 16:35 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-17 16:33 - 2017-06-06 15:13 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-17 16:33 - 2017-06-06 15:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-17 16:33 - 2017-06-06 15:08 - 002712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-17 16:33 - 2017-06-06 15:03 - 000837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-17 16:33 - 2017-06-06 14:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-17 16:33 - 2017-06-06 14:57 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-17 16:33 - 2017-06-06 14:56 - 000375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-17 16:33 - 2017-06-06 14:03 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-17 16:33 - 2017-06-06 14:02 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-17 16:33 - 2017-06-03 12:27 - 002346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-17 16:33 - 2017-06-03 12:03 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-17 16:33 - 2017-05-31 17:20 - 000470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-17 16:33 - 2017-05-15 18:09 - 000057688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-17 16:33 - 2017-05-15 16:03 - 000379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-17 16:33 - 2017-05-09 10:37 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-17 16:33 - 2017-05-09 10:35 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-17 16:33 - 2017-05-09 10:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-17 16:33 - 2017-05-09 10:29 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-17 16:33 - 2017-05-09 10:28 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-17 16:33 - 2017-05-09 10:28 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-17 16:33 - 2017-05-09 10:12 - 000448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-17 16:33 - 2017-05-06 12:45 - 001114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-17 16:33 - 2017-05-06 12:41 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-17 16:33 - 2017-05-02 16:09 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-17 16:33 - 2017-05-02 16:08 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-17 16:33 - 2017-05-02 16:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-17 16:33 - 2017-05-02 14:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-17 16:33 - 2017-05-02 14:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-17 16:33 - 2017-05-02 14:31 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-17 16:33 - 2017-05-02 13:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-17 16:33 - 2017-04-30 12:48 - 000080078 _____ C:\Windows\system32\normidna.nls
2017-07-17 16:33 - 2017-04-27 21:13 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-17 16:33 - 2017-04-27 21:11 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-17 16:33 - 2016-05-18 17:54 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2017-07-17 16:33 - 2016-05-18 17:15 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-07-16 19:59 - 2017-07-16 19:59 - 000000000 ____D C:\Users\Brandon\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 09:36 - 2014-01-15 03:44 - 000000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2017-08-07 21:57 - 2014-06-09 02:15 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123904499-927742330-4291546209-1001
2017-08-07 16:05 - 2016-12-03 14:41 - 000002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 16:05 - 2016-12-03 14:41 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-07 05:53 - 2013-12-16 00:01 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-07 05:53 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-08-07 05:48 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-07 05:48 - 2013-08-22 10:44 - 000436784 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-04 18:46 - 2014-06-09 02:53 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\.minecraft
2017-08-04 18:42 - 2016-12-03 14:39 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-08-04 18:41 - 2016-12-03 13:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-04 11:11 - 2013-08-22 11:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-03 08:03 - 2015-10-27 17:42 - 000000000 ____D C:\Program Files (x86)\Panda Security
2017-08-03 08:02 - 2015-10-27 17:44 - 000000000 ____D C:\ProgramData\panda_url_filtering
2017-08-02 20:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2017-08-01 20:03 - 2016-12-03 14:39 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-01 19:56 - 2015-11-09 13:03 - 000043520 ___SH C:\Users\Brandon\Desktop\Thumbs.db
2017-08-01 19:54 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-08-01 19:00 - 2014-06-10 12:41 - 000000000 ____D C:\Windows\system32\MRT
2017-08-01 18:54 - 2014-06-10 12:41 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-17 16:42 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2017-07-17 16:40 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-07-16 19:59 - 2016-03-20 17:25 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-07-16 19:58 - 2016-03-20 17:30 - 000000994 _____ C:\Users\Brandon\Desktop\nativelog.txt
2017-07-16 19:56 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness

==================== Files in the root of some directories =======

2015-12-12 16:37 - 1999-10-20 18:40 - 000636928 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\AdvTelop.dll
2015-12-12 16:37 - 1999-10-20 18:40 - 000699392 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Champagn.dll
2015-12-12 16:37 - 1999-05-17 18:53 - 000001078 ____N () C:\Program Files (x86)\ControllerSettings.ico
2015-12-12 16:43 - 2000-04-12 05:46 - 000053248 _____ (SEGA.COM) C:\Program Files (x86)\GOTOHEAT.EXE
2015-12-12 16:37 - 2000-08-07 16:11 - 000630784 ____N () C:\Program Files (x86)\LAUNCH.EXE
2015-12-12 16:37 - 1999-10-20 18:44 - 000642048 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MainMode.dll
2015-12-12 16:37 - 1999-06-11 19:13 - 000045056 _____ () C:\Program Files (x86)\miscdll.dll
2015-12-12 16:37 - 1999-05-23 21:34 - 000000000 _____ () C:\Program Files (x86)\MPDATA.DAT
2015-12-12 16:37 - 1999-06-01 15:22 - 000000000 _____ () C:\Program Files (x86)\MPDATA.TMP
2015-12-12 16:37 - 1999-10-20 18:40 - 001137152 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSelect.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_E.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_F.dll
2015-12-12 16:37 - 1999-05-31 16:49 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_G.dll
2015-12-12 16:37 - 1999-05-31 06:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_I.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_J.dll
2015-12-12 16:37 - 1999-11-02 15:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_S.dll
2015-12-12 16:37 - 1999-10-20 18:44 - 000767488 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Options.dll
2015-12-12 16:37 - 1999-04-27 18:45 - 000057344 _____ () C:\Program Files (x86)\PASSWORD.dll
2015-12-12 16:42 - 2000-09-18 12:53 - 000019777 _____ () C:\Program Files (x86)\README.txt
2015-12-12 16:37 - 1999-10-20 18:45 - 001146880 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Record.dll
2015-12-12 16:37 - 1999-10-20 18:45 - 000792576 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\ReplayGallery.dll
2015-12-12 16:37 - 2015-12-12 16:38 - 001472000 ____N (Sega Enterprises, Ltd.) C:\Program Files (x86)\SEGA RALLY 2.exe
2015-12-12 16:37 - 1999-10-20 18:45 - 000615424 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\SegaLogo.dll
2015-12-12 16:37 - 1999-02-15 22:30 - 000141824 _____ () C:\Program Files (x86)\spcArcdll.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000000100 _____ () C:\Program Files (x86)\SR2.CFG
2015-12-12 16:42 - 1999-05-31 07:20 - 000045056 _____ () C:\Program Files (x86)\SR2_MSG.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000029456 _____ () C:\Program Files (x86)\SR2_SAVE.DAT
2015-12-12 16:37 - 1999-10-20 18:45 - 000637952 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Title.dll
2015-12-12 16:37 - 2015-12-12 17:01 - 000628516 _____ () C:\Program Files (x86)\Uninst.isu
2015-12-12 16:37 - 2000-06-14 14:12 - 000612352 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\VendorLogo.dll
2014-06-12 10:05 - 2014-06-12 10:05 - 000035840 ___SH () C:\Users\Brandon\AppData\Roaming\Thumbs.db
2014-01-15 03:44 - 2014-01-15 03:44 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-09 02:23 - 2014-06-09 02:23 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
2017-08-03 07:55 - 2017-05-14 14:06 - 001737600 _____ (Microsoft Corporation) C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-06 06:53

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by Brandon (07-08-2017 22:13:25)
Running from C:\Users\Brandon\Downloads
Windows 8.1 (Update) (X64) (2014-06-09 06:09:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1123904499-927742330-4291546209-500 - Administrator - Disabled)
Brandon (S-1-5-21-1123904499-927742330-4291546209-1001 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-1123904499-927742330-4291546209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1123904499-927742330-4291546209-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3006 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3014 - Acer Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-798af528-50bf-4694-a200-9b96a2fe9a7f) (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-411cc428-4f33-4d9d-bce5-dabe320c2788) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-dd2ac1c0-7b1d-4a16-83c2-03a3084375b0) (Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
iExplorer 3.8.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-0f747c3d-6880-4ea8-833c-63f13badcb64) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-72cd91f0-6c13-4fe8-b0c3-6cf7b94c8602) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.23 - Panda Security and Visicom Media Inc.)
Peggle Nights (HKLM-x32\...\WTA-8a7d75b7-b255-4103-af25-26f3bf0019df) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-080fb413-2b0c-43ad-9ff3-1b7e1597e630) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
SEGA RALLY 2 (HKLM-x32\...\SEGA RALLY 2) (Version: - )
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-d6007307-c8ab-44eb-bed5-77c5e59325dc) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-3aea57b8-d140-48cf-b48d-788f3fdaaadc) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
WingMan Software (HKLM-x32\...\{435673AB-6821-416D-806A-E477DFA60A42}) (Version: 4.20 - Logitech)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoSCorporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2014-10-28] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoSCorporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (IgorPavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2016-08-25] (MicrosoftCorporation)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (PandaSecurity,S.L.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZipComputing,S.L.)
ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\System32\EhStorShell.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2016-08-25] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (IgorPavlov)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2016-08-25] (MicrosoftCorporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZipComputing,S.L.)
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-01] (IntelCorporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2016-08-25] (MicrosoftCorporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (PandaSecurity,S.L.)
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (IgorPavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2014-10-28] (MicrosoftCorporation)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\system32\shell32.dll [2017-05-11] (MicrosoftCorporation)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (PandaSecurity,S.L.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-22] (WinZipComputing,S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006E650B-C0F4-4DA5-ADB8-C4BD9A2F842B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2014-10-28] (MicrosoftCorporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2014-10-28] (MicrosoftCorporation)
Task: {1FC7FA46-07C1-4AD2-93E5-8377FC70936E} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2014-10-28] (MicrosoftCorporation)
Task: {27E04B6B-8CBC-480F-A360-D1AEDFCBDB60} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (DolbyLaboratoriesInc.)
Task: {2BA48461-B0A4-4CD2-AF43-D5F113152CB4} - \Prelauncher -> No File <==== ATTENTION
Task: {2BC666B2-C77B-492D-A698-30536C6C4D42} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2014-10-28] (MicrosoftCorporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (MicrosoftCorporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2015-07-13] (MicrosoftCorporation)
Task: {4C0F55E9-2D7A-4FB7-AA9A-B500C253CF20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-03] (GoogleInc.)
Task: {4FBF0370-DFF5-44B6-9BC2-249EFC892A49} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5EBBAA7B-0395-4280-BE05-3040E922BD3B} - \{353FAED2-EA1F-4DCE-A29F-1AC4C5277C35} -> No File <==== ATTENTION
Task: {6123947E-3F6A-47B8-9F00-64959B71F4DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {66683958-634D-4AFF-ABB3-9C2F69676183} - \Power Management -> No File <==== ATTENTION
Task: {6A23E752-E558-477A-A96A-2D2215C1B332} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-27] (AcerIncorporated)
Task: {6D21C8E9-C77F-4EE7-9252-2D30C930528A} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2014-10-28] (MicrosoftCorp.)
Task: {716B0B38-AA3E-4C18-8A8C-61E8A1238516} - \{B97575D0-9F3C-4E7A-8C15-412D2CB0A2FF} -> No File <==== ATTENTION
Task: {71C4564D-DCC7-46E0-A87B-CA466D3A881E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (AcerIncorporated)
Task: {73D1388C-336E-40EC-B0B4-62CB862AF2BE} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2014-10-28] (MicrosoftCorporation)
Task: {78F11E08-9C76-45F2-8634-7E649098DBE0} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (SymantecCorporation)
Task: {7A1CA63A-3611-4E61-AAFA-1B56F8746F3A} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2014-10-28] (MicrosoftCorporation)
Task: {7DD666D5-AC93-428A-B051-BD4F13C8356D} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2014-10-28] (MicrosoftCorporation)
Task: {84400372-B6DB-4852-B387-6CE186EAE25B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2014-10-28] (MicrosoftCorporation)
Task: {880E1F8A-67D4-4D77-A0E4-C6429E5BFB4F} - \prelauncher_First -> No File <==== ATTENTION
Task: {8BFE078A-B3EA-49F4-9985-790C500A12EC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-10-28] (MicrosoftCorporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2014-10-28] (MicrosoftCorporation)
Task: {A44A1624-C719-4A46-8833-AA65471469C9} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2014-10-28] (MicrosoftCorporation)
Task: {A7E8CB14-A617-4D50-8DBA-9C088F16D845} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-03] (GoogleInc.)
Task: {AAA89DAF-1B4F-447D-AF21-7F0559AC9962} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2014-10-28] (MicrosoftCorporation)
Task: {B2C7D0EB-BD1F-4D86-9C6B-5549F4EF0D81} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-09-13] (AcerIncorporated)
Task: {BC537794-54F5-4702-8CEB-06F584ECD24A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2014-10-28] (MicrosoftCorporation)
Task: {BFDB152E-87E3-4799-9897-BAA48E8E4DFE} - \Screen Grasp GestureDetection -> No File <==== ATTENTION
Task: {C2599556-050C-48B7-98E3-CD224A313FE3} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\Windows\system32\appidcertstorecheck.exe [2014-10-28] (MicrosoftCorporation)
Task: {C523E1A2-15AD-4A53-83F5-1B23C3001107} - System32\Tasks\{B434E1F3-FC8F-4636-9855-EA0D7FEEEB17} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\control.exe -d C:\Windows\SysWOW64 -c "C:\Windows\SysWOW64\sr2_cpl.cpl",
Task: {CBD3EF37-0E38-431A-A6E8-607C56893A63} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2014-10-28] (MicrosoftCorporation)
Task: {D2CE8B43-AA29-4088-A32E-014E180C59B4} - \Touch Tools Launcher -> No File <==== ATTENTION
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2014-10-28] (MicrosoftCorporation)
Task: {E075AC73-7FC0-4ACD-9F28-DD590C391C1C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2014-10-29] (MicrosoftCorporation)
Task: {F17B4C93-CB99-4567-B92A-18A981DEAD41} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (AcerIncorporate)
Task: {F7E979B8-5E06-4FDC-B496-8DB9652CB087} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=adnlfjpnmidfimlkaohpidplnoimahfh
ShortcutWithArgument: C:\Users\Public\Desktop\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default

==================== Loaded Modules (Whitelisted) ==============

2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-04 18:42 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-30 18:54 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-30 18:54 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2013-07-08 18:34 - 2013-07-08 18:34 - 004150312 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2015-12-15 13:17 - 2015-12-15 13:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-01-15 03:39 - 2013-09-16 15:20 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D116C8D9-CEA0-4829-9242-AABD4CE085D3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4A0B499D-F187-45B2-839D-FF7BAE526144}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{33DBC11E-1EDA-4B28-8DEC-F7C47EBF6B1D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7FF4C6E9-D498-4BDE-8C33-506BA01401DD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F3DFB9BE-7569-4628-BD9E-0C415FBE97EE}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4235766D-287D-4845-84D0-5A0A764DBC2D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{FC35BC78-A7E9-4865-876C-94CEAF5DF2A1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A1D0511A-C3A0-4C6F-9C25-49B44C8E14F9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1BCA69BD-DC44-4676-BA9E-57F5605A2C79}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{AF908593-69B2-4CB7-B07A-CCEB2A144EB0}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{35C30AC2-CCEB-4970-B764-35C75DDA2288}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{627338D1-2649-444D-8C7A-32869D7B83EC}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{276DE69E-2A2B-4138-AD9C-642EA1D08431}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{32F08CA8-466C-43C2-866B-5C123E8F6DAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{37719F36-4097-458D-99E6-BE5195B46CCC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E00D346C-22D3-445A-A21C-CEC93A8C45B2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{B5A11760-FC49-481F-8BEB-93D9147B63FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A18B220A-D2A6-4F0D-A69F-37FCBB242030}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{06616D13-90E1-4EA5-B232-A5E8C65166A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6B442212-B6AA-4B66-86AA-8D4AD27D94BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{25F179AD-BB48-4F3D-A49C-9E88B5E7CAAC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{9BBADF6F-9599-4F81-A779-3BC11F63FA2B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E5C40BF0-F999-4B81-8DF1-EB5ABD50C946}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E9669AD5-939B-4104-AE36-B6E7CBA109E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{4AE990DF-FEFF-476C-AE13-AD6C1850B60D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{888C7E47-2EE5-4CB7-B7A5-AAB4FB12F15D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DCC47D20-9951-46CC-A1D5-E1152CDF010E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{EA44727C-C103-4CB9-A2DF-606C241AC97B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{65CD2C3C-1E00-4523-BEFE-5D9DDD780AD7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{1B330949-3645-4802-968F-FF4D2F150C77}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{99280DA9-581B-40AC-A3A5-093A469C4AA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{042A9EE1-25DA-4146-A08F-9A0334669F19}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2C035EA4-5959-4FB3-A1A9-C0FB614136CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0FC3D221-73A6-44E3-BF83-ADA962E8109B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{70897726-89A3-436C-9FDB-C788545F9400}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{BA4F413E-3A38-497A-973B-610A810224A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CD2DEFCE-B70D-4F9F-8D3F-142409778BB8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FF5829EA-C0EF-4A38-8F93-B43FA680FB49}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8523DB26-BB1A-4CA6-986E-DE982276A011}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{0ED46883-4A3C-4AED-B9C5-D334CF5C033C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{8FC9C821-FC52-4F79-AB2F-EDBBE30D01D9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{0630B701-594C-4B70-A815-C9BCFF5382AD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{50E38946-51B9-4058-84D9-378650D0D3C9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C9D99022-2963-4095-9FA1-792E75610CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{179A0428-E367-4A58-A2FB-5465A25947F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53F527F4-E22F-454F-948E-CD44D6E5C590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A3C3E7B-DE23-4898-8F5F-11BCA368664D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{870BC07C-B803-4CD7-AD55-76B762A6ECDB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{27BA62EC-F8CB-4C27-A3E6-68E1BF866D80}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{8A986E2F-C525-495D-908F-279F9E2D8BB9}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{DB71F892-A98E-4DEF-89AE-D7ADD3B7BDFE}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{079FC1A9-D0BD-4234-AF94-25EB7C4DB27B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{384665DC-28E3-4C68-8EB4-0D591D4AD7CF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C60374D2-62A4-4FA0-8565-F2ABBBD12C07}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{AB9BA782-255D-4FBC-B883-D94B0F4218B7}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{D7D480A2-0E78-4EE4-A068-A3B6A212EBB2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{95711FBF-336A-4BAE-AA86-6E1BF53FAF0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-08-2017 18:52:42 Windows Update
07-08-2017 05:56:02 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2017 10:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0xa84
Faulting application start time: 0x01d30fea96a54636
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: d80c5004-7bdd-11e7-829a-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2017 10:04:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/07/2017 07:03:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0xfd0
Faulting application start time: 0x01d30f6cd2ff2591
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 12990f4b-7b60-11e7-829a-485ab64fafcc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2017 07:03:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/07/2017 06:13:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/07/2017 06:13:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/07/2017 06:13:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/07/2017 06:05:37 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/07/2017 06:05:37 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/07/2017 06:05:37 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.


System errors:
=============
Error: (08/07/2017 06:14:17 AM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (08/07/2017 06:13:47 AM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (08/07/2017 06:05:03 AM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (08/07/2017 06:04:32 AM) (Source: DCOM) (EventID: 10010) (User: AcerI5)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (08/07/2017 05:47:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:
The service has not been started.

Error: (08/07/2017 05:47:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%109 = The pipe has been ended.

Error: (08/07/2017 05:46:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/07/2017 05:46:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2017 05:46:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/07/2017 05:46:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 6024.27 MB
Available physical RAM: 3772.63 MB
Total Virtual: 24456.27 MB
Available Virtual: 21992.69 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.69 GB) (Free:839.27 GB) NTFS
Drive d: (SEGARALLY2) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E4B6584)

Partition: GPT.

==================== End of Addition.txt ============================
 
You have some McAfee leftovers, so run this tool to remove them: https://www.techspot.com/downloads/5392-mcafee-software-uninstaller.html

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2017
Ran by Brandon (08-08-2017 22:32:29) Run:1
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon (Available Profiles: Brandon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [Start WingMan Profiler] => [X]
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
2015-12-12 16:37 - 1999-10-20 18:40 - 000636928 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\AdvTelop.dll
2015-12-12 16:37 - 1999-10-20 18:40 - 000699392 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Champagn.dll
2015-12-12 16:37 - 1999-05-17 18:53 - 000001078 ____N () C:\Program Files (x86)\ControllerSettings.ico
2015-12-12 16:43 - 2000-04-12 05:46 - 000053248 _____ (SEGA.COM) C:\Program Files (x86)\GOTOHEAT.EXE
2015-12-12 16:37 - 2000-08-07 16:11 - 000630784 ____N () C:\Program Files (x86)\LAUNCH.EXE
2015-12-12 16:37 - 1999-10-20 18:44 - 000642048 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MainMode.dll
2015-12-12 16:37 - 1999-06-11 19:13 - 000045056 _____ () C:\Program Files (x86)\miscdll.dll
2015-12-12 16:37 - 1999-05-23 21:34 - 000000000 _____ () C:\Program Files (x86)\MPDATA.DAT
2015-12-12 16:37 - 1999-06-01 15:22 - 000000000 _____ () C:\Program Files (x86)\MPDATA.TMP
2015-12-12 16:37 - 1999-10-20 18:40 - 001137152 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSelect.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_E.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_F.dll
2015-12-12 16:37 - 1999-05-31 16:49 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_G.dll
2015-12-12 16:37 - 1999-05-31 06:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_I.dll
2015-12-12 16:37 - 1999-10-20 16:54 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_J.dll
2015-12-12 16:37 - 1999-11-02 15:31 - 000045056 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\MSG_S.dll
2015-12-12 16:37 - 1999-10-20 18:44 - 000767488 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Options.dll
2015-12-12 16:37 - 1999-04-27 18:45 - 000057344 _____ () C:\Program Files (x86)\PASSWORD.dll
2015-12-12 16:42 - 2000-09-18 12:53 - 000019777 _____ () C:\Program Files (x86)\README.txt
2015-12-12 16:37 - 1999-10-20 18:45 - 001146880 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Record.dll
2015-12-12 16:37 - 1999-10-20 18:45 - 000792576 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\ReplayGallery.dll
2015-12-12 16:37 - 2015-12-12 16:38 - 001472000 ____N (Sega Enterprises, Ltd.) C:\Program Files (x86)\SEGA RALLY 2.exe
2015-12-12 16:37 - 1999-10-20 18:45 - 000615424 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\SegaLogo.dll
2015-12-12 16:37 - 1999-02-15 22:30 - 000141824 _____ () C:\Program Files (x86)\spcArcdll.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000000100 _____ () C:\Program Files (x86)\SR2.CFG
2015-12-12 16:42 - 1999-05-31 07:20 - 000045056 _____ () C:\Program Files (x86)\SR2_MSG.dll
2015-12-12 16:37 - 2015-12-12 19:30 - 000029456 _____ () C:\Program Files (x86)\SR2_SAVE.DAT
2015-12-12 16:37 - 1999-10-20 18:45 - 000637952 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\Title.dll
2015-12-12 16:37 - 2015-12-12 17:01 - 000628516 _____ () C:\Program Files (x86)\Uninst.isu
2015-12-12 16:37 - 2000-06-14 14:12 - 000612352 _____ (Sega Enterprises, Ltd.) C:\Program Files (x86)\VendorLogo.dll
2014-06-12 10:05 - 2014-06-12 10:05 - 000035840 ___SH () C:\Users\Brandon\AppData\Roaming\Thumbs.db
2014-01-15 03:44 - 2014-01-15 03:44 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-09 02:23 - 2014-06-09 02:23 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-08-03 07:55 - 2017-05-14 14:06 - 001737600 _____ (Microsoft Corporation) C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll
Task: {2BA48461-B0A4-4CD2-AF43-D5F113152CB4} - \Prelauncher -> No File <==== ATTENTION
Task: {5EBBAA7B-0395-4280-BE05-3040E922BD3B} - \{353FAED2-EA1F-4DCE-A29F-1AC4C5277C35} -> No File <==== ATTENTION
Task: {66683958-634D-4AFF-ABB3-9C2F69676183} - \Power Management -> No File <==== ATTENTION
Task: {716B0B38-AA3E-4C18-8A8C-61E8A1238516} - \{B97575D0-9F3C-4E7A-8C15-412D2CB0A2FF} -> No File <==== ATTENTION
Task: {880E1F8A-67D4-4D77-A0E4-C6429E5BFB4F} - \prelauncher_First -> No File <==== ATTENTION
Task: {BFDB152E-87E3-4799-9897-BAA48E8E4DFE} - \Screen Grasp GestureDetection -> No File <==== ATTENTION
Task: {D2CE8B43-AA29-4088-A32E-014E180C59B4} - \Touch Tools Launcher -> No File <==== ATTENTION

*****************

HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Start WingMan Profiler => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key removed successfully
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value removed successfully
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key not found.
C:\Program Files (x86)\AdvTelop.dll => moved successfully
C:\Program Files (x86)\Champagn.dll => moved successfully
C:\Program Files (x86)\ControllerSettings.ico => moved successfully
C:\Program Files (x86)\GOTOHEAT.EXE => moved successfully
C:\Program Files (x86)\LAUNCH.EXE => moved successfully
C:\Program Files (x86)\MainMode.dll => moved successfully
C:\Program Files (x86)\miscdll.dll => moved successfully
C:\Program Files (x86)\MPDATA.DAT => moved successfully
C:\Program Files (x86)\MPDATA.TMP => moved successfully
C:\Program Files (x86)\MSelect.dll => moved successfully
C:\Program Files (x86)\MSG_E.dll => moved successfully
C:\Program Files (x86)\MSG_F.dll => moved successfully
C:\Program Files (x86)\MSG_G.dll => moved successfully
C:\Program Files (x86)\MSG_I.dll => moved successfully
C:\Program Files (x86)\MSG_J.dll => moved successfully
C:\Program Files (x86)\MSG_S.dll => moved successfully
C:\Program Files (x86)\Options.dll => moved successfully
C:\Program Files (x86)\PASSWORD.dll => moved successfully
C:\Program Files (x86)\README.txt => moved successfully
C:\Program Files (x86)\Record.dll => moved successfully
C:\Program Files (x86)\ReplayGallery.dll => moved successfully
C:\Program Files (x86)\SEGA RALLY 2.exe => moved successfully
C:\Program Files (x86)\SegaLogo.dll => moved successfully
C:\Program Files (x86)\spcArcdll.dll => moved successfully
C:\Program Files (x86)\SR2.CFG => moved successfully
C:\Program Files (x86)\SR2_MSG.dll => moved successfully
C:\Program Files (x86)\SR2_SAVE.DAT => moved successfully
C:\Program Files (x86)\Title.dll => moved successfully
C:\Program Files (x86)\Uninst.isu => moved successfully
C:\Program Files (x86)\VendorLogo.dll => moved successfully
C:\Users\Brandon\AppData\Roaming\Thumbs.db => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => moved successfully
C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BA48461-B0A4-4CD2-AF43-D5F113152CB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA48461-B0A4-4CD2-AF43-D5F113152CB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Prelauncher => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EBBAA7B-0395-4280-BE05-3040E922BD3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EBBAA7B-0395-4280-BE05-3040E922BD3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{353FAED2-EA1F-4DCE-A29F-1AC4C5277C35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66683958-634D-4AFF-ABB3-9C2F69676183} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66683958-634D-4AFF-ABB3-9C2F69676183} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Management => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{716B0B38-AA3E-4C18-8A8C-61E8A1238516} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{716B0B38-AA3E-4C18-8A8C-61E8A1238516} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B97575D0-9F3C-4E7A-8C15-412D2CB0A2FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{880E1F8A-67D4-4D77-A0E4-C6429E5BFB4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{880E1F8A-67D4-4D77-A0E4-C6429E5BFB4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\prelauncher_First => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFDB152E-87E3-4799-9897-BAA48E8E4DFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDB152E-87E3-4799-9897-BAA48E8E4DFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Screen Grasp GestureDetection => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2CE8B43-AA29-4088-A32E-014E180C59B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2CE8B43-AA29-4088-A32E-014E180C59B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Touch Tools Launcher => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-08-2017 22:34:51)

"C:\ProgramData\DP45977C.lfl" => Could not move

==== End of Fixlog 22:34:51 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 