Okay, I ran the scans in safe mode because it was nearly impossible for me to do without, hope that's okay.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/2/2016
Scan Time: 6:39 PM
Logfile: mbamlog.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.11.02.13
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Space Kid
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376156
Time Elapsed: 37 min, 20 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Space Kid (02-11-2016 19:39:17)
Running from C:\Users\Space Kid\Desktop
Windows 8.1 (Update) (X64) (2015-06-22 14:16:26)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3257608161-552445302-3632482908-500 - Administrator - Enabled) => C:\Users\Administrator.doms-pc
Guest (S-1-5-21-3257608161-552445302-3632482908-501 - Limited - Disabled)
Space Kid (S-1-5-21-3257608161-552445302-3632482908-1001 - Administrator - Enabled) => C:\Users\Space Kid
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.220.2 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4926 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.4930 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3726 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.3.3726 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4724 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{00AB67E6-7A15-4357-95AA-F06A6950EA7C}) (Version: 7.0.39.113 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Odyssey 2 in 1 Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{CC1FD1EF-FEF1-4A97-847C-D1652CD56C3C}) (Version: 6.0.23.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7C025928-4B8C-4754-81A4-8B34A57E4725}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10300.137 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{33d748b9-4100-4fef-bcdc-33e69f098c38}) (Version: 17.13.2000.2036 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4189 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1036 - Intel Corporation)
Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.26 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{D4357222-DD31-4AD7-8ABE-4881D47D906F}) (Version: 5.2.2.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{A5830729-36A3-4900-8135-D8A972914342}) (Version: 1.0.0.516 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Kodi (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Kodi) (Version: - XBMC-Foundation)
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.159 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
OpenToonz version 1.0.1 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0.1 - DWANGO Co., Ltd.)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7478 - Realtek Semiconductor Corp.)
REOptimizer (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\REOptimizer) (Version: - ) <==== ATTENTION
Rory's Restaurant (x32 Version: 3.0.2.59 - WildTangent) Hidden
Royal Envoy Double Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated)
Undertale (HKLM-x32\...\VW5kZXJ0YWxl_is1) (Version: 1 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Intel Corporation (iagpioe) System (02/28/2015 603.9600.1920.60719) (HKLM\...\F7BD032DC4815E48C8FFD310F4793B930D5F4837) (Version: 02/28/2015 603.9600.1920.60719 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System (02/28/2015 603.9600.2425.60717) (HKLM\...\358163B8DA80E489A41CAAC6542BF9E6245297EA) (Version: 02/28/2015 603.9600.2425.60717 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System (02/16/2015 603.9600.2426.59928) (HKLM\...\EBFE7C1B6A8869998B8883D5FAFEA855A69722C8) (Version: 02/16/2015 603.9600.2426.59928 - Intel Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C1A3095-63C7-455A-B254-14C2B2292AF7} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {162E629E-66E3-4D0D-A6F7-D7C6B329FCD4} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1AAE30DF-D993-4177-89DD-B6FE6BF221DC} - \Start SimplePass -> No File <==== ATTENTION
Task: {1C8A718F-95CC-4BA7-A08A-EEE77522E721} - \Start OPBHOBroker -> No File <==== ATTENTION
Task: {1D8DA2B8-5A44-45A4-9CA0-EDAF2C827892} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {1DDDB96B-0267-44D1-91CC-B9126DB5CCAA} - \McAfeeLogon -> No File <==== ATTENTION
Task: {1E8D30CE-9F40-43CA-975D-1EAF6DC3A7B4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {200232D1-D737-4234-AC01-2AA64D00F81A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {27BFE6FA-F799-4A33-9C4A-0BB670657972} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {28825653-43FB-47CE-AE5F-4359769FD9FE} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2AB25B82-8CF8-4A48-A46C-EE612DDBE97D} - \User_Feed_Synchronization-{544CA83F-4211-4E41-8586-A6475FB33457} -> No File <==== ATTENTION
Task: {2D11114C-D6A6-4BC9-90F2-3969792CDBD3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {33F5D08F-7687-4872-B77C-303ED79FB8E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {345EBB73-6308-4146-811B-3B8D6B05E0A6} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {53C8788C-DCEC-400B-8E01-D8038607AB28} - \HPCeeScheduleForSpace Kid -> No File <==== ATTENTION
Task: {5CDDAE38-3285-4592-A592-D872D613F7CA} - \Avast SecureLine -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {8489496B-AFE3-44BB-BF60-BB12C993115A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9443B7F6-54B1-4578-BF3B-54387CC74737} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {99FA0B6D-8A8B-4E9C-ABDE-137CC9112D91} - \Start OPBHOBrokerDesktop -> No File <==== ATTENTION
Task: {9C66E8C8-0722-4644-B44C-607A2F48043C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {ACA40B85-037A-4B25-9748-DD08949057EF} - \DropboxOEM -> No File <==== ATTENTION
Task: {B4234462-FDAC-4B01-BC0D-B7568BA2ADC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B682A0E1-4797-471F-BFF7-A78A547BBD38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C7231CA3-2EBA-40A0-9F87-56C2F7ADBE80} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {CE59565F-5149-4DF4-AD0E-E8C29971CE4F} - \avast! SL Update -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {E7A94DAC-5EFD-4A46-839C-1A77BBB6B457} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {F029944A-C247-4D71-9930-C9253B180C2C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {F1B56BD0-5966-469B-BEB5-9B9D2022B615} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FA21E427-E748-47B8-A406-760BDC7F97ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756,
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756,
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ebd56dad7f13a36\Skype.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic
==================== Loaded Modules (Whitelisted) ==============
2016-11-02 14:53 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-11-02 14:53 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2016-11-01 20:15 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Space Kid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{e5c14e7e-53d7-43ce-b8aa-c0cf7f7a85ec}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "svchost.exe -start"
HKLM\...\StartupApproved\Run32: => "dllhost.exe -start"
HKLM\...\StartupApproved\Run32: => "cpx"
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "etregx"
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "Itibiti.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D2EAFD83-F066-48A5-BE00-097BE52703E4}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6DBBDF59-0584-47D3-8210-AE513524D403}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C088EC7E-F585-42DA-A411-FFEACDD0C45E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6EF48FA0-E5FF-4C56-AD45-D52941BCE4B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B08B00AB-2C07-4174-AAA8-35E580B8587A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2AFA64E-FDEA-488B-A6F8-82458E7B9987}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{A22ADA3B-FB9A-4ECD-BC21-4D6CB59F6D1F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A6424183-25DC-42DC-92F0-FCFF9D702D2D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{33B7D5C9-9D3C-4CAF-BB9B-157D2EDC7E12}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{70E09E56-A5D3-4882-A530-EFF99EF1DDCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{631BBA33-C55F-4B8F-8D4F-25760A54A68A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C1E4F178-21FD-46D8-8A1F-E6B471C841C5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{CD8600A9-CB0C-4F4B-9DBA-586CAD237A95}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2259269A-E570-4146-961D-A910734D5A6B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5FB99AB8-DE3F-4339-9A61-A1DA626B664C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7B7D5D48-68D8-4E80-B651-C3F90D3BA9C3}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{69132D07-1C79-442F-809D-944ABB08C81F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{C37A60A7-5AD1-4321-9979-3A9F7D1574CA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59D7A69C-FABD-4699-B263-2BF82ACF61F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AF0716D5-8236-4E70-AD11-8E4AD224C64D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0EEF12B5-3841-4F9E-9E71-D6302A7FBB79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D845231C-3E71-475B-888F-2D9196538000}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{1F173821-FB88-4BAF-B9E1-7946FFF8010C}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{4BF1EC75-D82A-4D1C-8550-CB872CF6F47C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D0C91CD-460A-405D-9D8F-03B3C89D42EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF86EA08-892F-4B22-BCAD-2E9545C5B17F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F29003DA-DB46-4F8A-9B84-E2F29ED652C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D107D811-3680-4A70-9090-CA2E33478CEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C532AA8E-F006-4C39-8DC5-B22BFD10F6EA}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{9844BE7A-3731-48C6-88DC-3F186F85A67D}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{10CE3C73-B067-4AA3-993B-0FFB6735CB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A45DA536-1A60-4B08-9C7C-8C6B74BF82A7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{6F966BC5-F26B-477A-860B-42214FB81C33}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8EC84FC6-82D8-4C7E-8141-D527F98944DF}] => (Allow) C:\Users\Space Kid\AppData\Local\50122569.exe
FirewallRules: [{6689AB77-7AE3-4091-9DEE-577C6AA35823}] => (Allow) C:\Program Files (x86)\treasury\pentecostals.exe
FirewallRules: [{DF0B4932-D979-42DB-9C5E-7B61B9874E8D}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{63065F85-5D07-4316-BCC0-8C38BA4A697B}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{33FB963F-B2E2-4239-8B33-E7CCD08129F9}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
==================== Restore Points =========================
07-06-2016 21:44:59 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
07-06-2016 21:46:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
19-07-2016 13:53:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
30-09-2016 20:42:22 Installed iTunes
30-10-2016 20:22:41 Removed 7-Zip 9.20 (x64 edition)
01-11-2016 20:07:18 Norton_Power_Eraser_20161101200656354
==================== Faulty Device Manager Devices =============
Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/02/2016 07:26:32 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
Policy: Passive Policy [0]
Error: (11/02/2016 05:48:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
Policy: Passive Policy [0]
Error: (11/02/2016 05:27:17 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
Policy: Passive Policy [0]
Error: (11/02/2016 02:38:56 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10300.137
DPTF Build Date: Mar 5 2015 15:46:51
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
Policy: Passive Policy [0]
Error: (11/02/2016 02:34:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/02/2016 02:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/02/2016 02:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/02/2016 02:29:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (11/02/2016 07:39:27 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (11/02/2016 07:36:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
CodeIntegrity:
===================================
Date: 2016-10-31 16:32:21.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-31 11:16:22.159
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-31 11:15:56.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-31 11:08:38.278
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:39:33.605
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:39:30.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:38:09.128
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:38:07.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:38:04.985
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 17:38:02.351
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 4019.02 MB
Available physical RAM: 2722.36 MB
Total Virtual: 4915.02 MB
Available Virtual: 3669.3 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:437.32 GB) (Free:352.48 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:27.42 GB) (Free:3.06 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Space Kid (administrator) on DOMS-PC (02-11-2016 19:37:13)
Running from C:\Users\Space Kid\Desktop
Loaded Profiles: Space Kid (Available Profiles: Space Kid & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600 2015-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-05] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126192 2014-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [BingSvc] => C:\Users\Space Kid\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-18\...\Run: [] => 0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnashing.lnk [2016-10-30]
ShortcutTarget: gnashing.lnk -> C:\Program Files (x86)\treasury\pentecostals.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1CA066BF-D1BE-4AE3-A8ED-36A21407AC8A}: [DhcpNameServer] 172.168.0.2
Tcpip\..\Interfaces\{5EF38A7E-8EAD-4542-8BD3-90D288882EA1}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mytransitguide/s18478/index.html?n=782B4A6B&p2=^BNH^xdm648^S18478^us&ptb=F7BE2B4F-D582-49B1-8FD1-799AFBBB5A3F&si=539528_17
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
IE Session Restore: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> is enabled.
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-06-29] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-06-29] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-01]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-09-17] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi.dll [2016-09-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin64 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi-x64.dll [2016-09-22] (Skype Technologies S.A.)
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default [2016-11-02]
CHR Extension: (Google Slides) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19]
CHR Extension: (Google Docs) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19]
CHR Extension: (Google Drive) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (Skype Calling) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-25]
CHR Extension: (YouTube) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-11-01]
CHR Extension: (Google Search) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Sheets) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19]
CHR Extension: (Stylish) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-11-01]
CHR Extension: (New XKit) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-11-19]
CHR Extension: (Skype) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-26]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1332184 2015-03-31] (Intel Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-11-04] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-04-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2014-10-03] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] () [File not signed]
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-18] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [172320 2014-12-10] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-06-29] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-23] (Symantec Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-04-22] (Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2016-01-03] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-05] (Synaptics Incorporated)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)
S2 0067471477772397mcinstcleanup; C:\Windows\TEMP\006747~1.EXE -cleanup -nolog [X]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20161101.001\BHDrvx64.sys [1854712 2016-09-23] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-09-23] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [45648 2015-03-31] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [41552 2015-03-31] (Intel Corporation)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-11-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-11-01] (Symantec Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [243792 2015-03-31] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [32256 2015-02-28] (Intel(R) Corporation)
S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-02-28] (Intel(R) Corporation)
S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [101888 2015-02-28] (Intel(R) Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [225008 2014-11-04] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20161101.001\IDSvia64.sys [1012952 2016-11-01] (Symantec Corporation)
S3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [4516280 2015-04-22] (Intel Corporation)
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [23824 2015-03-27] (Intel)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3482600 2014-11-17] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-03-19] (Realtek Semiconductor Corp.)
S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-05] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1608000.032\SymELAM.sys [24192 2016-09-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-11-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [114976 2014-11-24] (Intel Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Windows (R) Win 7 DDK provider)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2015-04-08] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 EraserUtilDrv11610; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11610.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-02 19:37 - 2016-11-02 19:38 - 00027804 _____ C:\Users\Space Kid\Desktop\FRST.txt
2016-11-02 19:32 - 2016-11-02 19:37 - 00000000 ____D C:\FRST
2016-11-02 19:31 - 2016-11-02 19:31 - 02408960 _____ (Farbar) C:\Users\Space Kid\Desktop\FRST64.exe
2016-11-02 17:55 - 2016-11-02 17:55 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-11-02 04:29 - 2016-11-02 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-01 20:15 - 2016-11-01 20:15 - 00001780 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2016-11-01 19:43 - 2016-11-01 20:49 - 00000000 ____D C:\Users\Space Kid\AppData\Local\NPE
2016-11-01 17:35 - 2016-11-01 17:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-01 17:34 - 2016-11-01 17:34 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Hewlett-Packard
2016-11-01 16:38 - 2016-11-02 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 16:38 - 2016-11-02 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-01 16:38 - 2016-11-01 17:33 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-01 16:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-01 16:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-01 16:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-01 16:37 - 2016-11-01 16:37 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-01 16:24 - 2016-11-01 16:24 - 00302776 _____ C:\Users\Administrator.doms-pc\Desktop\sfcdetail.txt
2016-11-01 16:10 - 2016-11-01 16:10 - 00302776 _____ C:\Windows\system32\sfcdetails.txt
2016-11-01 07:52 - 2016-11-01 07:55 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\NPE
2016-11-01 07:52 - 2016-11-01 07:52 - 03423928 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NPE.exe
2016-11-01 07:41 - 2016-11-01 07:41 - 00000000 ____D C:\Windows\system32\yva
2016-11-01 07:40 - 2016-11-01 07:40 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-11-01 07:35 - 2016-11-01 07:35 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-11-01 07:18 - 2016-11-01 09:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\ElevatedDiagnostics
2016-11-01 07:15 - 2016-11-01 17:33 - 00002403 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-11-01 07:15 - 2016-11-01 07:15 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-11-01 07:15 - 2016-11-01 07:15 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-11-01 07:15 - 2016-11-01 07:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-11-01 07:14 - 2016-11-01 07:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-11-01 07:13 - 2016-11-01 07:16 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-11-01 07:13 - 2016-11-01 07:13 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-01 07:12 - 2016-11-01 17:32 - 00001448 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Download Manager.lnk
2016-11-01 07:12 - 2016-11-01 17:32 - 00001257 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Installation Files.lnk
2016-11-01 07:12 - 2016-11-01 07:53 - 00000000 ____D C:\ProgramData\Norton
2016-11-01 07:12 - 2016-11-01 07:12 - 01101088 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NSDeluxeDownloader.exe
2016-11-01 07:12 - 2016-11-01 07:12 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-11-01 06:31 - 2016-11-02 19:31 - 01931774 _____ C:\Windows\ntbtlog.txt
2016-11-01 06:30 - 2016-11-01 06:30 - 00000000 ____D C:\Windows\system32\buak
2016-11-01 06:27 - 2016-11-01 06:27 - 00000000 ____D C:\Windows\system32\paqo
2016-11-01 06:26 - 2016-11-01 06:26 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{90AF1C31-163E-48BE-9854-EBC6A6D85EFC}
2016-11-01 06:24 - 2016-11-01 06:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-500
2016-11-01 06:20 - 2016-11-01 06:20 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Macromedia
2016-11-01 06:19 - 2016-11-01 06:19 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Apple Computer
2016-11-01 06:17 - 2016-11-01 17:33 - 00001449 _____ C:\Users\Administrator.doms-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-01 06:17 - 2016-11-01 07:18 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Google
2016-11-01 06:17 - 2016-11-01 06:26 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Packages
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Synaptics
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Adobe
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Hewlett-Packard
2016-11-01 06:16 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc
2016-11-01 06:16 - 2016-11-01 06:16 - 00000020 ___SH C:\Users\Administrator.doms-pc\ntuser.ini
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\My Documents
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Videos
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Pictures
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Music
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Intel
2016-11-01 06:16 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.system.package.metadata
2016-11-01 06:16 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.applications.package.appdata
2016-11-01 04:14 - 2016-11-01 04:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-11-01 03:06 - 2016-11-01 03:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNDERTALE
2016-10-31 16:44 - 2016-11-01 06:07 - 00000000 ____D C:\Windows\system32\hoin
2016-10-31 16:36 - 2016-11-01 05:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-10-31 11:29 - 2016-10-31 11:29 - 00000000 ____D C:\Windows\system32\pay
2016-10-31 11:15 - 2016-10-31 11:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Foxit Software
2016-10-31 10:51 - 2016-10-31 10:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-10-31 10:17 - 2016-10-31 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2016-10-31 10:14 - 2016-10-31 10:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2016-10-31 10:11 - 2016-11-01 17:30 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-10-31 10:11 - 2016-10-31 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-10-31 10:11 - 2016-10-31 10:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-10-31 10:10 - 2016-11-01 06:09 - 00000000 ____D C:\Users\Administrator
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-10-31 10:10 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator\Documents\hp.system.package.metadata
2016-10-31 10:10 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator\Documents\hp.applications.package.appdata
2016-10-31 09:47 - 2016-10-31 09:47 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Itibiti
2016-10-30 20:12 - 2016-11-01 08:54 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Geunfy
2016-10-30 19:48 - 2016-10-30 19:51 - 00000000 ____D C:\Users\Space Kid\AppData\Local\app
2016-10-30 19:43 - 2016-11-01 17:04 - 00000000 ____D C:\Users\Space Kid\AppData\LocalLow\Company
2016-10-30 19:43 - 2016-10-30 20:12 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Tempfolder
2016-10-30 19:43 - 2016-10-30 19:43 - 00000000 ____D C:\uninst
2016-10-30 19:41 - 2016-10-30 19:41 - 00000000 ____H C:\Windows\system32\BIT98E0.tmp
2016-10-30 19:40 - 2016-11-01 17:04 - 00000000 ___HD C:\Program Files (x86)\treasury
2016-10-30 19:40 - 2016-11-01 07:56 - 00000000 ____D C:\Program Files (x86)\7C41F94C-1477874550-11E5-8397-F406694BA603
2016-10-30 19:40 - 2016-11-01 07:53 - 00000000 ___HD C:\Program Files (x86)\ellmann
2016-10-30 19:40 - 2016-10-30 19:40 - 00000000 _____ C:\TOSTACK
2016-10-30 19:39 - 2016-11-02 14:34 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-1001
2016-10-30 19:39 - 2016-10-30 19:41 - 00000003 _____ C:\Users\Space Kid\AppData\Local\run1.txt
2016-10-30 19:37 - 2016-11-01 17:04 - 00000000 ____D C:\Program Files (x86)\S5
2016-10-30 19:37 - 2016-10-30 19:37 - 00000000 ____D C:\Users\Space Kid\AppData\Local\CrashRpt
2016-10-30 19:36 - 2016-11-01 20:42 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Xbox
2016-10-30 19:36 - 2016-11-01 05:55 - 00000000 ____D C:\Program Files (x86)\Microleaves
2016-10-30 19:00 - 2016-10-30 19:00 - 00002259 _____ C:\Windows\epplauncher.mif
2016-10-30 18:57 - 2016-10-30 18:59 - 14324408 _____ (Microsoft Corporation) C:\Users\Space Kid\Downloads\mseinstall.exe
2016-10-30 18:19 - 2016-10-30 18:19 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\WinRAR
2016-10-30 17:37 - 2016-11-01 17:33 - 00000994 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-10-30 17:37 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-30 17:37 - 2016-10-30 17:37 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-30 17:36 - 2016-10-30 17:37 - 00000000 ____D C:\Program Files\WinRAR
2016-10-30 17:36 - 2016-10-30 17:36 - 02179856 _____ C:\Users\Space Kid\Downloads\winrar-x64-540.exe
2016-10-30 17:32 - 2016-10-30 17:32 - 01962408 _____ C:\Users\Space Kid\Downloads\wrar540.exe
2016-10-30 11:06 - 2016-10-30 11:06 - 02842320 _____ C:\Users\Space Kid\Downloads\npp.7.1.Installer.exe
2016-10-29 23:47 - 2016-10-29 23:47 - 00000000 ____D C:\Users\Space Kid\Downloads\spookysoiree-1.0-win
2016-10-29 23:46 - 2016-10-29 23:46 - 30356296 _____ C:\Users\Space Kid\Downloads\spookysoiree-1.0-win.zip
2016-10-27 11:50 - 2016-11-01 17:33 - 00002031 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-10-27 11:50 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-25 17:28 - 2016-11-02 16:17 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Kodi
2016-10-25 10:24 - 2016-10-25 10:24 - 00707658 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.zip
2016-10-25 10:16 - 2016-10-30 00:12 - 00000000 ____D C:\Users\Space Kid\Downloads\school stuff
2016-10-17 16:27 - 2016-10-17 16:27 - 00765068 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-02 19:33 - 2014-11-20 23:42 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-02 19:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-11-02 19:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-02 18:37 - 2015-06-22 09:16 - 00000000 ____D C:\Users\Space Kid
2016-11-02 14:40 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-02 14:38 - 2015-11-19 22:03 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-02 14:37 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-02 14:34 - 2016-05-18 18:22 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Skype
2016-11-02 14:30 - 2015-11-20 01:31 - 00000000 ___DO C:\Users\Space Kid\OneDrive
2016-11-02 14:29 - 2015-06-22 09:17 - 00000000 __SHD C:\Users\Space Kid\IntelGraphicsProfiles
2016-11-02 14:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-02 14:29 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-11-02 14:27 - 2016-07-19 13:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-02 14:27 - 2016-05-13 21:54 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job
2016-11-02 14:27 - 2015-11-19 22:03 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-02 04:28 - 2015-11-21 10:13 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-01 17:56 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Google
2016-11-01 17:33 - 2016-09-30 20:46 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-01 17:33 - 2016-09-30 20:42 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-01 17:33 - 2016-08-17 10:34 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2016-11-01 17:33 - 2016-08-02 23:40 - 00000937 _____ C:\Users\Public\Desktop\OpenToonz.lnk
2016-11-01 17:33 - 2016-07-19 13:55 - 00001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-11-01 17:33 - 2016-07-19 13:55 - 00001247 _____ C:\Users\Public\Desktop\True Key.lnk
2016-11-01 17:33 - 2016-05-18 18:22 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-01 17:33 - 2015-11-23 11:18 - 00000824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undertale.lnk
2016-11-01 17:33 - 2015-11-23 11:18 - 00000812 _____ C:\Users\Public\Desktop\Undertale.lnk
2016-11-01 17:33 - 2015-11-19 22:04 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-01 17:33 - 2015-11-19 22:04 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-01 17:33 - 2015-06-22 09:17 - 00001396 _____ C:\Users\Public\Desktop\Priceline.com.lnk
2016-11-01 17:33 - 2015-06-22 09:17 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2016-11-01 17:33 - 2015-06-19 15:49 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002519 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002155 _____ C:\Users\Public\Desktop\Connected Music.lnk
2016-11-01 17:33 - 2015-06-19 15:18 - 00001636 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2016-11-01 17:33 - 2015-06-19 15:16 - 00002169 _____ C:\Users\Public\Desktop\Connected Drive.lnk
2016-11-01 17:33 - 2015-06-19 15:14 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-11-01 13:29 - 2016-08-02 23:38 - 00000000 ____D C:\OpenToonz 1.0 stuff
2016-11-01 08:01 - 2015-11-23 11:16 - 00000000 ____D C:\Program Files (x86)\Undertale
2016-11-01 07:15 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-11-01 06:09 - 2015-06-19 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-11-01 06:08 - 2016-09-30 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 06:08 - 2016-08-17 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-11-01 06:08 - 2016-08-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenToonz 1.0
2016-11-01 06:08 - 2016-07-19 13:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-11-01 06:08 - 2016-05-18 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-01 06:08 - 2015-12-07 05:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-01 06:08 - 2015-06-19 15:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-01 06:08 - 2015-06-19 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-11-01 06:08 - 2015-06-19 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB
2016-11-01 06:08 - 2015-06-19 15:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-11-01 06:08 - 2015-06-19 15:13 - 00000000 ____D C:\Program Files\7-Zip
2016-11-01 06:08 - 2015-06-19 14:55 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-01 06:08 - 2015-06-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-11-01 06:08 - 2015-04-23 06:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-11-01 05:56 - 2016-07-19 13:55 - 00000000 ____D C:\Users\Space Kid\AppData\Local\tkdata
2016-11-01 05:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\registration
2016-11-01 05:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-11-01 03:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-30 19:42 - 2015-06-22 09:17 - 00001657 _____ C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-30 00:15 - 2016-08-29 23:02 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\RenPy
2016-10-29 15:59 - 2016-07-19 13:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-29 15:22 - 2016-07-19 13:43 - 00000000 ____D C:\Program Files\TrueKey
2016-10-27 11:50 - 2016-07-21 15:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-10-27 08:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-27 08:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-26 09:17 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\Documents\Youcam
2016-10-26 09:14 - 2016-05-18 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-26 09:14 - 2016-05-18 18:21 - 00000000 ____D C:\ProgramData\Skype
2016-10-25 10:16 - 2016-01-08 19:45 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Foxit Software
2016-10-23 11:44 - 2016-08-25 15:30 - 00000000 ____D C:\Users\Space Kid\AppData\Local\SkypePlugin
2016-10-03 15:51 - 2015-12-07 05:21 - 00000000 ____D C:\Users\Space Kid\Desktop\Feel Better!
==================== Files in the root of some directories =======
2016-10-30 19:39 - 2016-10-30 19:41 - 0000003 _____ () C:\Users\Space Kid\AppData\Local\run1.txt
Some files in TEMP:
====================
C:\Users\Space Kid\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Space Kid\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-26 17:37
==================== End of FRST.txt ============================
It's weird that this time malwarebytes didn't find the Hijack.Host files this time, but i suspect they are still there as my computer is still incredibly slow when run without safe mode