Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Brandon (administrator) on ACERI5 (16-12-2018 11:56:21)
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon & (Available Profiles: Brandon)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Brandon\Downloads\FRST64 (4).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114520613\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114520613\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823193\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823193\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-03] (SUPERAntiSpyware)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [1362432 2018-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-03] (SUPERAntiSpyware)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [1362432 2018-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-03] (SUPERAntiSpyware)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [1362432 2018-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-12-17]
ShortcutTarget: Twitch.lnk -> C:\Users\Brandon\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicyScripts: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A2A1C2B1-BCAC-420C-82B4-3DF9A15A81AC}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B70EDA39-35EB-4E7F-8E7A-2ECAC6F45200}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKU\S-1-5-21-1123904499-927742330-4291546209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001 -> {64AF5761-D3F9-4C3F-8C9B-6823DDB6C274} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114521222 -> {64AF5761-D3F9-4C3F-8C9B-6823DDB6C274} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1123904499-927742330-4291546209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162018114823757 -> {64AF5761-D3F9-4C3F-8C9B-6823DDB6C274} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-03] (Oracle Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-03] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C214US662D20140609&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-03-10]
CHR Extension: (Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-03]
CHR Extension: (Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
R2 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-12] (Google Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-13] (Malwarebytes)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-12-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-12-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [63768 2018-12-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [111152 2018-12-16] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [88400 2016-06-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 MpKsl020aca3c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4EECEE7F-CBEA-4264-9F5D-99DFA119E40B}\MpKsl020aca3c.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-16 11:52 - 2018-12-16 11:55 - 002417152 _____ (Farbar) C:\Users\Brandon\Downloads\FRST64 (4).exe
2018-12-13 21:33 - 2018-12-13 21:33 - 000008192 ___SH C:\Users\Brandon\Documents\Thumbs.db
2018-12-13 21:13 - 2018-12-13 21:13 - 000000000 ____D C:\Users\Brandon\AppData\Local\mbam
2018-12-13 18:56 - 2018-12-16 11:45 - 000111152 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-13 18:56 - 2018-12-13 18:56 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-13 18:56 - 2018-12-13 18:56 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-13 18:56 - 2018-12-13 18:56 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-13 18:56 - 2018-12-13 18:56 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-13 18:52 - 2018-12-13 18:52 - 000000000 ____D C:\Users\Brandon\AppData\Local\mbamtray
2018-12-13 18:51 - 2018-12-13 18:55 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-13 18:51 - 2018-12-13 18:51 - 000001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-13 18:51 - 2018-12-13 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-01 11:05 - 2016-08-08 04:00 - 000070360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-11-25 11:02 - 2018-08-23 18:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-25 11:02 - 2018-08-23 16:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-25 11:02 - 2018-08-13 20:22 - 022374608 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-11-25 11:02 - 2018-07-24 12:50 - 006522344 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-11-25 11:01 - 2018-08-28 00:39 - 001491032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-11-25 11:01 - 2018-08-27 22:46 - 001764408 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-11-25 11:01 - 2018-08-27 20:36 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-11-25 11:01 - 2018-08-27 20:36 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-11-25 11:01 - 2018-08-23 17:54 - 000289280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-11-25 11:01 - 2018-08-23 17:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-25 11:01 - 2018-08-23 17:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-25 11:01 - 2018-08-23 17:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-25 11:01 - 2018-08-23 17:08 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-25 11:01 - 2018-08-23 17:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-25 11:01 - 2018-08-23 17:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-25 11:01 - 2018-08-23 16:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-25 11:01 - 2018-08-23 16:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-25 11:01 - 2018-08-23 16:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-25 11:01 - 2018-08-23 16:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-25 11:01 - 2018-08-23 16:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-25 11:01 - 2018-08-23 15:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-25 11:01 - 2018-08-23 15:49 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-25 11:01 - 2018-08-23 15:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-25 11:01 - 2018-08-23 15:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-25 11:01 - 2018-08-23 15:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-25 11:01 - 2018-08-23 15:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-25 11:01 - 2018-08-23 15:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-25 11:01 - 2018-08-13 20:19 - 019790752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-11-25 11:01 - 2018-08-13 15:06 - 002530384 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-11-25 11:01 - 2018-08-13 15:03 - 001903744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-11-25 11:01 - 2018-08-13 14:32 - 001368680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-11-25 11:01 - 2018-08-13 08:40 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-11-25 11:01 - 2018-08-13 08:39 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-11-25 11:01 - 2018-08-13 08:33 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-11-25 11:01 - 2018-08-13 08:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-11-25 11:01 - 2018-08-13 08:29 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-11-25 11:01 - 2018-08-12 14:23 - 007373544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-25 11:01 - 2018-08-12 14:06 - 001676056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-25 11:01 - 2018-08-12 14:06 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-11-25 11:01 - 2018-08-12 14:06 - 001500432 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-25 11:01 - 2018-08-12 14:06 - 001371352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-11-25 11:01 - 2018-08-12 14:04 - 002451808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-11-25 11:01 - 2018-08-12 11:31 - 002347520 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-11-25 11:01 - 2018-08-12 11:06 - 001556480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-11-25 11:01 - 2018-08-09 12:40 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-11-25 11:01 - 2018-08-09 12:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-11-25 11:01 - 2018-08-09 11:59 - 000543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-11-25 11:01 - 2018-08-09 11:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-11-25 11:01 - 2018-08-09 11:41 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-11-25 11:01 - 2018-08-09 11:39 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-11-25 11:01 - 2018-07-29 08:44 - 001265664 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-11-25 11:01 - 2018-07-24 12:50 - 001488008 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-11-25 11:01 - 2018-07-24 12:50 - 000261408 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2018-11-25 11:01 - 2018-07-24 08:45 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-11-25 11:01 - 2018-07-18 08:34 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-11-25 11:01 - 2018-07-06 12:14 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2018-11-25 11:01 - 2018-07-06 11:22 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2018-11-25 11:01 - 2018-07-05 18:17 - 001115648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-11-25 11:01 - 2018-06-26 10:25 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2018-11-25 11:01 - 2018-06-26 10:14 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2018-11-25 11:01 - 2018-06-21 08:31 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-25 11:01 - 2018-06-21 08:30 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-25 11:01 - 2018-06-21 08:24 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2018-11-25 11:01 - 2018-06-21 08:24 - 000513456 _____ C:\Windows\system32\locale.nls
2018-11-25 10:53 - 2018-11-25 10:53 - 000233656 _____ C:\Users\Brandon\Downloads\CrucialScan.exe
2018-11-25 10:53 - 2018-11-25 10:53 - 000233656 _____ C:\Users\Brandon\Downloads\CrucialScan (1).exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 08:36 - 2014-01-15 02:44 - 000000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2018-12-16 11:57 - 2017-08-01 17:43 - 000025358 _____ C:\Users\Brandon\Downloads\FRST.txt
2018-12-16 11:56 - 2017-08-01 17:43 - 000000000 ____D C:\FRST
2018-12-16 11:55 - 2017-12-17 11:34 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\Twitch
2018-12-16 11:55 - 2017-08-07 21:11 - 000000000 ____D C:\Users\Brandon\Downloads\FRST-OlderVersion
2018-12-16 11:44 - 2013-12-15 23:01 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-16 11:44 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-16 11:44 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-12-13 18:59 - 2014-06-09 01:15 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123904499-927742330-4291546209-1001
2018-12-13 18:53 - 2016-12-03 13:41 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-13 18:53 - 2016-12-03 13:41 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-13 18:51 - 2018-06-28 17:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-13 18:41 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-13 18:40 - 2013-08-22 09:44 - 000436784 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-01 09:29 - 2014-06-09 01:09 - 000000000 ____D C:\Users\Brandon
2018-12-01 09:29 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
Some files in TEMP:
====================
2018-05-26 07:18 - 2018-05-26 07:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-1703280655158803499.dll
2017-12-17 12:07 - 2017-12-17 12:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-2486634185696926800.dll
2018-05-28 09:22 - 2018-05-28 09:22 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-6606377847582145534.dll
2017-12-19 16:08 - 2017-12-19 16:08 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-770172730297961556.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-01 11:17
==================== End of FRST.txt ============================
2018-11-25 11:01 - 2018-08-23 15:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-25 11:01 - 2018-08-23 15:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-25 11:01 - 2018-08-23 15:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-25 11:01 - 2018-08-23 15:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-25 11:01 - 2018-08-23 15:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-25 11:01 - 2018-08-13 20:19 - 019790752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-11-25 11:01 - 2018-08-13 15:06 - 002530384 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-11-25 11:01 - 2018-08-13 15:03 - 001903744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-11-25 11:01 - 2018-08-13 14:32 - 001368680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-11-25 11:01 - 2018-08-13 08:40 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-11-25 11:01 - 2018-08-13 08:39 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-11-25 11:01 - 2018-08-13 08:33 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-11-25 11:01 - 2018-08-13 08:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-11-25 11:01 - 2018-08-13 08:29 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-11-25 11:01 - 2018-08-12 14:23 - 007373544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-25 11:01 - 2018-08-12 14:06 - 001676056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-25 11:01 - 2018-08-12 14:06 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-11-25 11:01 - 2018-08-12 14:06 - 001500432 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-25 11:01 - 2018-08-12 14:06 - 001371352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-11-25 11:01 - 2018-08-12 14:04 - 002451808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-11-25 11:01 - 2018-08-12 11:31 - 002347520 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-11-25 11:01 - 2018-08-12 11:06 - 001556480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-11-25 11:01 - 2018-08-09 12:40 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-11-25 11:01 - 2018-08-09 12:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-11-25 11:01 - 2018-08-09 11:59 - 000543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-11-25 11:01 - 2018-08-09 11:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-11-25 11:01 - 2018-08-09 11:41 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-11-25 11:01 - 2018-08-09 11:39 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-11-25 11:01 - 2018-07-29 08:44 - 001265664 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-11-25 11:01 - 2018-07-24 12:50 - 001488008 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-11-25 11:01 - 2018-07-24 12:50 - 000261408 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2018-11-25 11:01 - 2018-07-24 08:45 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-11-25 11:01 - 2018-07-18 08:34 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-11-25 11:01 - 2018-07-06 12:14 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2018-11-25 11:01 - 2018-07-06 11:22 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2018-11-25 11:01 - 2018-07-05 18:17 - 001115648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-11-25 11:01 - 2018-06-26 10:25 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2018-11-25 11:01 - 2018-06-26 10:14 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2018-11-25 11:01 - 2018-06-21 08:31 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-25 11:01 - 2018-06-21 08:30 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-25 11:01 - 2018-06-21 08:24 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2018-11-25 11:01 - 2018-06-21 08:24 - 000513456 _____ C:\Windows\system32\locale.nls
2018-11-25 10:53 - 2018-11-25 10:53 - 000233656 _____ C:\Users\Brandon\Downloads\CrucialScan.exe
2018-11-25 10:53 - 2018-11-25 10:53 - 000233656 _____ C:\Users\Brandon\Downloads\CrucialScan (1).exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 08:36 - 2014-01-15 02:44 - 000000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2018-12-16 11:57 - 2017-08-01 17:43 - 000025358 _____ C:\Users\Brandon\Downloads\FRST.txt
2018-12-16 11:56 - 2017-08-01 17:43 - 000000000 ____D C:\FRST
2018-12-16 11:55 - 2017-12-17 11:34 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\Twitch
2018-12-16 11:55 - 2017-08-07 21:11 - 000000000 ____D C:\Users\Brandon\Downloads\FRST-OlderVersion
2018-12-16 11:44 - 2013-12-15 23:01 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-16 11:44 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-16 11:44 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-12-13 18:59 - 2014-06-09 01:15 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123904499-927742330-4291546209-1001
2018-12-13 18:53 - 2016-12-03 13:41 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-13 18:53 - 2016-12-03 13:41 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-13 18:51 - 2018-06-28 17:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-13 18:41 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-13 18:40 - 2013-08-22 09:44 - 000436784 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-01 09:29 - 2014-06-09 01:09 - 000000000 ____D C:\Users\Brandon
2018-12-01 09:29 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
Some files in TEMP:
====================
2018-05-26 07:18 - 2018-05-26 07:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-1703280655158803499.dll
2017-12-17 12:07 - 2017-12-17 12:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-2486634185696926800.dll
2018-05-28 09:22 - 2018-05-28 09:22 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-6606377847582145534.dll
2017-12-19 16:08 - 2017-12-19 16:08 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Brandon\AppData\Local\Temp\jansi-64-770172730297961556.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-01 11:17
==================== End of FRST.txt ============================