Mikaaaa

Okay, I ran the scans in safe mode because it was nearly impossible for me to do without, hope that's okay. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/2/2016 Scan Time: 6:39 PM Logfile: mbamlog.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.11.02.13 Rootkit Database: v2016.10.31.01 License: Trial Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Space Kid Scan Type: Threat Scan Result: Completed Objects Scanned: 376156 Time Elapsed: 37 min, 20 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016 Ran by Space Kid (02-11-2016 19:39:17) Running from C:\Users\Space Kid\Desktop Windows 8.1 (Update) (X64) (2015-06-22 14:16:26) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3257608161-552445302-3632482908-500 - Administrator - Enabled) => C:\Users\Administrator.doms-pc Guest (S-1-5-21-3257608161-552445302-3632482908-501 - Limited - Disabled) Space Kid (S-1-5-21-3257608161-552445302-3632482908-1001 - Administrator - Enabled) => C:\Users\Space Kid ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.220.2 - AVAST Software) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.4.6121 - CyberLink Corp.) Hidden CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4926 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.4930 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3726 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.3.3726 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4724 - CyberLink Corp.) Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Foxit PhantomPDF (HKLM-x32\...\{00AB67E6-7A15-4357-95AA-F06A6950EA7C}) (Version: 7.0.39.113 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hidden Odyssey 2 in 1 Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden HP 3D DriveGuard (HKLM-x32\...\{CC1FD1EF-FEF1-4A97-847C-D1652CD56C3C}) (Version: 6.0.23.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{7C025928-4B8C-4754-81A4-8B34A57E4725}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation) Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10300.137 - Intel Corporation) Intel(R) PRO/Wireless Driver (HKLM\...\{33d748b9-4100-4fef-bcdc-33e69f098c38}) (Version: 17.13.2000.2036 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4189 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1036 - Intel Corporation) Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.26 - Intel Corporation) Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation) Intel(R) WiDi (HKLM\...\{D4357222-DD31-4AD7-8ABE-4881D47D906F}) (Version: 5.2.2.0 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{A5830729-36A3-4900-8135-D8A972914342}) (Version: 1.0.0.516 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) Kodi (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Kodi) (Version: - XBMC-Foundation) Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.159 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation) OpenToonz version 1.0.1 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0.1 - DWANGO Co., Ltd.) Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7478 - Realtek Semiconductor Corp.) REOptimizer (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\REOptimizer) (Version: - ) <==== ATTENTION Rory's Restaurant (x32 Version: 3.0.2.59 - WildTangent) Hidden Royal Envoy Double Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.) Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.) Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated) Undertale (HKLM-x32\...\VW5kZXJ0YWxl_is1) (Version: 1 - ) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden Windows Driver Package - Intel Corporation (iagpioe) System (02/28/2015 603.9600.1920.60719) (HKLM\...\F7BD032DC4815E48C8FFD310F4793B930D5F4837) (Version: 02/28/2015 603.9600.1920.60719 - Intel Corporation) Windows Driver Package - Intel Corporation (iai2ce) System (02/28/2015 603.9600.2425.60717) (HKLM\...\358163B8DA80E489A41CAAC6542BF9E6245297EA) (Version: 02/28/2015 603.9600.2425.60717 - Intel Corporation) Windows Driver Package - Intel Corporation (iauarte) System (02/16/2015 603.9600.2426.59928) (HKLM\...\EBFE7C1B6A8869998B8883D5FAFEA855A69722C8) (Version: 02/16/2015 603.9600.2426.59928 - Intel Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\EdgeCalling.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0C1A3095-63C7-455A-B254-14C2B2292AF7} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION Task: {162E629E-66E3-4D0D-A6F7-D7C6B329FCD4} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION Task: {1AAE30DF-D993-4177-89DD-B6FE6BF221DC} - \Start SimplePass -> No File <==== ATTENTION Task: {1C8A718F-95CC-4BA7-A08A-EEE77522E721} - \Start OPBHOBroker -> No File <==== ATTENTION Task: {1D8DA2B8-5A44-45A4-9CA0-EDAF2C827892} - \YCMServiceAgent -> No File <==== ATTENTION Task: {1DDDB96B-0267-44D1-91CC-B9126DB5CCAA} - \McAfeeLogon -> No File <==== ATTENTION Task: {1E8D30CE-9F40-43CA-975D-1EAF6DC3A7B4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {200232D1-D737-4234-AC01-2AA64D00F81A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation) Task: {27BFE6FA-F799-4A33-9C4A-0BB670657972} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {28825653-43FB-47CE-AE5F-4359769FD9FE} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION Task: {2AB25B82-8CF8-4A48-A46C-EE612DDBE97D} - \User_Feed_Synchronization-{544CA83F-4211-4E41-8586-A6475FB33457} -> No File <==== ATTENTION Task: {2D11114C-D6A6-4BC9-90F2-3969792CDBD3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation) Task: {33F5D08F-7687-4872-B77C-303ED79FB8E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {345EBB73-6308-4146-811B-3B8D6B05E0A6} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION Task: {53C8788C-DCEC-400B-8E01-D8038607AB28} - \HPCeeScheduleForSpace Kid -> No File <==== ATTENTION Task: {5CDDAE38-3285-4592-A592-D872D613F7CA} - \Avast SecureLine -> No File <==== ATTENTION Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION Task: {8489496B-AFE3-44BB-BF60-BB12C993115A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {9443B7F6-54B1-4578-BF3B-54387CC74737} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-12] (Microsoft Corporation) Task: {99FA0B6D-8A8B-4E9C-ABDE-137CC9112D91} - \Start OPBHOBrokerDesktop -> No File <==== ATTENTION Task: {9C66E8C8-0722-4644-B44C-607A2F48043C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation) Task: {ACA40B85-037A-4B25-9748-DD08949057EF} - \DropboxOEM -> No File <==== ATTENTION Task: {B4234462-FDAC-4B01-BC0D-B7568BA2ADC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {B682A0E1-4797-471F-BFF7-A78A547BBD38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION Task: {C7231CA3-2EBA-40A0-9F87-56C2F7ADBE80} - \Adobe Flash Player Updater -> No File <==== ATTENTION Task: {CE59565F-5149-4DF4-AD0E-E8C29971CE4F} - \avast! SL Update -> No File <==== ATTENTION Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe Task: {E7A94DAC-5EFD-4A46-839C-1A77BBB6B457} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation) Task: {F029944A-C247-4D71-9930-C9253B180C2C} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {F1B56BD0-5966-469B-BEB5-9B9D2022B615} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION Task: {FA21E427-E748-47B8-A406-760BDC7F97ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ebd56dad7f13a36\Skype.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic ==================== Loaded Modules (Whitelisted) ============== 2016-11-02 14:53 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll 2016-11-02 14:53 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2016-11-01 20:15 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Space Kid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{e5c14e7e-53d7-43ce-b8aa-c0cf7f7a85ec}.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run32: => "svchost.exe -start" HKLM\...\StartupApproved\Run32: => "dllhost.exe -start" HKLM\...\StartupApproved\Run32: => "cpx" HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "etregx" HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "Itibiti.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D2EAFD83-F066-48A5-BE00-097BE52703E4}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6DBBDF59-0584-47D3-8210-AE513524D403}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C088EC7E-F585-42DA-A411-FFEACDD0C45E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6EF48FA0-E5FF-4C56-AD45-D52941BCE4B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B08B00AB-2C07-4174-AAA8-35E580B8587A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B2AFA64E-FDEA-488B-A6F8-82458E7B9987}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe FirewallRules: [{A22ADA3B-FB9A-4ECD-BC21-4D6CB59F6D1F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{A6424183-25DC-42DC-92F0-FCFF9D702D2D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{33B7D5C9-9D3C-4CAF-BB9B-157D2EDC7E12}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{70E09E56-A5D3-4882-A530-EFF99EF1DDCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{631BBA33-C55F-4B8F-8D4F-25760A54A68A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{C1E4F178-21FD-46D8-8A1F-E6B471C841C5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{CD8600A9-CB0C-4F4B-9DBA-586CAD237A95}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{2259269A-E570-4146-961D-A910734D5A6B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{5FB99AB8-DE3F-4339-9A61-A1DA626B664C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{7B7D5D48-68D8-4E80-B651-C3F90D3BA9C3}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe FirewallRules: [{69132D07-1C79-442F-809D-944ABB08C81F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [TCP Query User{C37A60A7-5AD1-4321-9979-3A9F7D1574CA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{59D7A69C-FABD-4699-B263-2BF82ACF61F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{AF0716D5-8236-4E70-AD11-8E4AD224C64D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0EEF12B5-3841-4F9E-9E71-D6302A7FBB79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{D845231C-3E71-475B-888F-2D9196538000}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [UDP Query User{1F173821-FB88-4BAF-B9E1-7946FFF8010C}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [{4BF1EC75-D82A-4D1C-8550-CB872CF6F47C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7D0C91CD-460A-405D-9D8F-03B3C89D42EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CF86EA08-892F-4B22-BCAD-2E9545C5B17F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F29003DA-DB46-4F8A-9B84-E2F29ED652C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D107D811-3680-4A70-9090-CA2E33478CEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{C532AA8E-F006-4C39-8DC5-B22BFD10F6EA}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [UDP Query User{9844BE7A-3731-48C6-88DC-3F186F85A67D}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [{10CE3C73-B067-4AA3-993B-0FFB6735CB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{A45DA536-1A60-4B08-9C7C-8C6B74BF82A7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{6F966BC5-F26B-477A-860B-42214FB81C33}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{8EC84FC6-82D8-4C7E-8141-D527F98944DF}] => (Allow) C:\Users\Space Kid\AppData\Local\50122569.exe FirewallRules: [{6689AB77-7AE3-4091-9DEE-577C6AA35823}] => (Allow) C:\Program Files (x86)\treasury\pentecostals.exe FirewallRules: [{DF0B4932-D979-42DB-9C5E-7B61B9874E8D}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [TCP Query User{63065F85-5D07-4316-BCC0-8C38BA4A697B}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe FirewallRules: [UDP Query User{33FB963F-B2E2-4239-8B33-E7CCD08129F9}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe ==================== Restore Points ========================= 07-06-2016 21:44:59 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 07-06-2016 21:46:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 19-07-2016 13:53:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 30-09-2016 20:42:22 Installed iTunes 30-10-2016 20:22:41 Removed 7-Zip 9.20 (x64 edition) 01-11-2016 20:07:18 Norton_Power_Eraser_20161101200656354 ==================== Faulty Device Manager Devices ============= Name: Intel(R) Serial IO I2C ES Controller Description: Intel(R) Serial IO I2C ES Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: iai2ce Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Intel(R) Serial IO I2C ES Controller Description: Intel(R) Serial IO I2C ES Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: iai2ce Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Intel(R) Serial IO I2C ES Controller Description: Intel(R) Serial IO I2C ES Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: iai2ce Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (11/02/2016 07:26:32 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Policy: Passive Policy [0] Error: (11/02/2016 05:48:38 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Policy: Passive Policy [0] Error: (11/02/2016 05:27:17 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Policy: Passive Policy [0] Error: (11/02/2016 02:38:56 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10300.137 DPTF Build Date: Mar 5 2015 15:46:51 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 437 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Policy: Passive Policy [0] Error: (11/02/2016 02:34:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/02/2016 02:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/02/2016 02:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/02/2016 02:29:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (11/02/2016 07:39:27 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/02/2016 07:36:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. CodeIntegrity: =================================== Date: 2016-10-31 16:32:21.748 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-31 11:16:22.159 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-31 11:15:56.466 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-31 11:08:38.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:39:33.605 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:39:30.357 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:38:09.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:38:07.659 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:38:04.985 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-30 17:38:02.351 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz Percentage of memory in use: 32% Total physical RAM: 4019.02 MB Available physical RAM: 2722.36 MB Total Virtual: 4915.02 MB Available Virtual: 3669.3 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:437.32 GB) (Free:352.48 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:27.42 GB) (Free:3.06 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D) Partition: GPT. ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016 Ran by Space Kid (administrator) on DOMS-PC (02-11-2016 19:37:13) Running from C:\Users\Space Kid\Desktop Loaded Profiles: Space Kid (Available Profiles: Space Kid & Administrator) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600 2015-04-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-05] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126192 2014-10-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] () HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.) HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [BingSvc] => C:\Users\Space Kid\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe HKU\S-1-5-18\...\Run: [] => 0 Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnashing.lnk [2016-10-30] ShortcutTarget: gnashing.lnk -> C:\Program Files (x86)\treasury\pentecostals.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{1CA066BF-D1BE-4AE3-A8ED-36A21407AC8A}: [DhcpNameServer] 172.168.0.2 Tcpip\..\Interfaces\{5EF38A7E-8EAD-4542-8BD3-90D288882EA1}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mytransitguide/s18478/index.html?n=782B4A6B&p2=^BNH^xdm648^S18478^us&ptb=F7BE2B4F-D582-49B1-8FD1-799AFBBB5A3F&si=539528_17 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation) Toolbar: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation) IE Session Restore: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> is enabled. Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-06-29] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-06-29] (McAfee, Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-01] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-19] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-09-17] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-06-29] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-06-29] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] () FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi.dll [2016-09-22] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin64 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi-x64.dll [2016-09-22] (Skype Technologies S.A.) Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR StartupUrls: Default -> "hxxp://google.com/" CHR Profile: C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default [2016-11-02] CHR Extension: (Google Slides) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19] CHR Extension: (Google Docs) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19] CHR Extension: (Google Drive) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19] CHR Extension: (Skype Calling) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-25] CHR Extension: (YouTube) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19] CHR Extension: (Adblock Plus) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27] CHR Extension: (Norton Security Toolbar) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-11-01] CHR Extension: (Google Search) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19] CHR Extension: (Google Sheets) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19] CHR Extension: (Stylish) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-14] CHR Extension: (Google Docs Offline) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Norton Identity Safe) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-11-01] CHR Extension: (New XKit) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-11-19] CHR Extension: (Skype) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-26] CHR Extension: (True Key™ by Intel Security) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2016-10-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19] CHR Extension: (Chrome Media Router) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.) S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1332184 2015-03-31] (Intel Corporation) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) S2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.) S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-11-04] (Intel Corporation) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-04-22] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2014-10-03] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] () [File not signed] S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel) S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-18] () [File not signed] S2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [172320 2014-12-10] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-06-29] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.) S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.) S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] () S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-23] (Symantec Corporation) S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed] S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-04-22] (Realtek Semiconductor) S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2016-01-03] () S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-05] (Synaptics Incorporated) S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.) S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation) S2 0067471477772397mcinstcleanup; C:\Windows\TEMP\006747~1.EXE -cleanup -nolog [X] S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20161101.001\BHDrvx64.sys [1854712 2016-09-23] (Symantec Corporation) S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-09-23] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.) S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [45648 2015-03-31] (Intel Corporation) S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [41552 2015-03-31] (Intel Corporation) R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-11-01] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-11-01] (Symantec Corporation) S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [243792 2015-03-31] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.) R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [32256 2015-02-28] (Intel(R) Corporation) S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-02-28] (Intel(R) Corporation) S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [101888 2015-02-28] (Intel(R) Corporation) S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [225008 2014-11-04] (Intel Corporation) S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20161101.001\IDSvia64.sys [1012952 2016-11-01] (Symantec Corporation) S3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [4516280 2015-04-22] (Intel Corporation) R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [23824 2015-03-27] (Intel) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-02] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3482600 2014-11-17] (Intel Corporation) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-03-19] (Realtek Semiconductor Corp.) S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-03-05] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-05] (Synaptics Incorporated) S3 SRTSP; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1608000.032\SymELAM.sys [24192 2016-09-23] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-11-01] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation) S1 SymNetS; C:\Windows\system32\drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [114976 2014-11-24] (Intel Corporation) S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Windows (R) Win 7 DDK provider) R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2015-04-08] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S3 EraserUtilDrv11610; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11610.sys [X] S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-02 19:37 - 2016-11-02 19:38 - 00027804 _____ C:\Users\Space Kid\Desktop\FRST.txt 2016-11-02 19:32 - 2016-11-02 19:37 - 00000000 ____D C:\FRST 2016-11-02 19:31 - 2016-11-02 19:31 - 02408960 _____ (Farbar) C:\Users\Space Kid\Desktop\FRST64.exe 2016-11-02 17:55 - 2016-11-02 17:55 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043 (1).exe 2016-11-02 04:29 - 2016-11-02 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-11-01 20:15 - 2016-11-01 20:15 - 00001780 _____ C:\Windows\system32\Drivers\etc\hosts.bak 2016-11-01 19:43 - 2016-11-01 20:49 - 00000000 ____D C:\Users\Space Kid\AppData\Local\NPE 2016-11-01 17:35 - 2016-11-01 17:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-11-01 17:34 - 2016-11-01 17:34 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Hewlett-Packard 2016-11-01 16:38 - 2016-11-02 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-01 16:38 - 2016-11-02 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-11-01 16:38 - 2016-11-01 17:33 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-11-01 16:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-11-01 16:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-11-01 16:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-11-01 16:37 - 2016-11-01 16:37 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043.exe 2016-11-01 16:24 - 2016-11-01 16:24 - 00302776 _____ C:\Users\Administrator.doms-pc\Desktop\sfcdetail.txt 2016-11-01 16:10 - 2016-11-01 16:10 - 00302776 _____ C:\Windows\system32\sfcdetails.txt 2016-11-01 07:52 - 2016-11-01 07:55 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\NPE 2016-11-01 07:52 - 2016-11-01 07:52 - 03423928 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NPE.exe 2016-11-01 07:41 - 2016-11-01 07:41 - 00000000 ____D C:\Windows\system32\yva 2016-11-01 07:40 - 2016-11-01 07:40 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-11-01 07:35 - 2016-11-01 07:35 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security 2016-11-01 07:18 - 2016-11-01 09:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\ElevatedDiagnostics 2016-11-01 07:15 - 2016-11-01 17:33 - 00002403 _____ C:\Users\Public\Desktop\Norton Security.lnk 2016-11-01 07:15 - 2016-11-01 07:15 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-11-01 07:15 - 2016-11-01 07:15 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-11-01 07:15 - 2016-11-01 07:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-11-01 07:14 - 2016-11-01 07:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Windows\system32\Drivers\NSx64 2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Program Files (x86)\Norton Security 2016-11-01 07:13 - 2016-11-01 07:16 - 00000000 ____D C:\ProgramData\NortonInstaller 2016-11-01 07:13 - 2016-11-01 07:13 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-11-01 07:12 - 2016-11-01 17:32 - 00001448 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Download Manager.lnk 2016-11-01 07:12 - 2016-11-01 17:32 - 00001257 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Installation Files.lnk 2016-11-01 07:12 - 2016-11-01 07:53 - 00000000 ____D C:\ProgramData\Norton 2016-11-01 07:12 - 2016-11-01 07:12 - 01101088 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NSDeluxeDownloader.exe 2016-11-01 07:12 - 2016-11-01 07:12 - 00000000 ____D C:\Users\Public\Downloads\Norton 2016-11-01 06:31 - 2016-11-02 19:31 - 01931774 _____ C:\Windows\ntbtlog.txt 2016-11-01 06:30 - 2016-11-01 06:30 - 00000000 ____D C:\Windows\system32\buak 2016-11-01 06:27 - 2016-11-01 06:27 - 00000000 ____D C:\Windows\system32\paqo 2016-11-01 06:26 - 2016-11-01 06:26 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{90AF1C31-163E-48BE-9854-EBC6A6D85EFC} 2016-11-01 06:24 - 2016-11-01 06:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-500 2016-11-01 06:20 - 2016-11-01 06:20 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Macromedia 2016-11-01 06:19 - 2016-11-01 06:19 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Apple Computer 2016-11-01 06:17 - 2016-11-01 17:33 - 00001449 _____ C:\Users\Administrator.doms-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-11-01 06:17 - 2016-11-01 07:18 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Google 2016-11-01 06:17 - 2016-11-01 06:26 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Packages 2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Synaptics 2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Adobe 2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Hewlett-Packard 2016-11-01 06:16 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc 2016-11-01 06:16 - 2016-11-01 06:16 - 00000020 ___SH C:\Users\Administrator.doms-pc\ntuser.ini 2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\My Documents 2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Videos 2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Pictures 2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Music 2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Intel 2016-11-01 06:16 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.system.package.metadata 2016-11-01 06:16 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.applications.package.appdata 2016-11-01 04:14 - 2016-11-01 04:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software 2016-11-01 03:06 - 2016-11-01 03:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNDERTALE 2016-10-31 16:44 - 2016-11-01 06:07 - 00000000 ____D C:\Windows\system32\hoin 2016-10-31 16:36 - 2016-11-01 05:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics 2016-10-31 11:29 - 2016-10-31 11:29 - 00000000 ____D C:\Windows\system32\pay 2016-10-31 11:15 - 2016-10-31 11:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Foxit Software 2016-10-31 10:51 - 2016-10-31 10:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF 2016-10-31 10:17 - 2016-10-31 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard 2016-10-31 10:14 - 2016-10-31 10:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer 2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard 2016-10-31 10:11 - 2016-11-01 17:30 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-10-31 10:11 - 2016-10-31 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2016-10-31 10:11 - 2016-10-31 10:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics 2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel 2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2016-10-31 10:10 - 2016-11-01 06:09 - 00000000 ____D C:\Users\Administrator 2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\My Documents 2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos 2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures 2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music 2016-10-31 10:10 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator\Documents\hp.system.package.metadata 2016-10-31 10:10 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator\Documents\hp.applications.package.appdata 2016-10-31 09:47 - 2016-10-31 09:47 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Itibiti 2016-10-30 20:12 - 2016-11-01 08:54 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Geunfy 2016-10-30 19:48 - 2016-10-30 19:51 - 00000000 ____D C:\Users\Space Kid\AppData\Local\app 2016-10-30 19:43 - 2016-11-01 17:04 - 00000000 ____D C:\Users\Space Kid\AppData\LocalLow\Company 2016-10-30 19:43 - 2016-10-30 20:12 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Tempfolder 2016-10-30 19:43 - 2016-10-30 19:43 - 00000000 ____D C:\uninst 2016-10-30 19:41 - 2016-10-30 19:41 - 00000000 ____H C:\Windows\system32\BIT98E0.tmp 2016-10-30 19:40 - 2016-11-01 17:04 - 00000000 ___HD C:\Program Files (x86)\treasury 2016-10-30 19:40 - 2016-11-01 07:56 - 00000000 ____D C:\Program Files (x86)\7C41F94C-1477874550-11E5-8397-F406694BA603 2016-10-30 19:40 - 2016-11-01 07:53 - 00000000 ___HD C:\Program Files (x86)\ellmann 2016-10-30 19:40 - 2016-10-30 19:40 - 00000000 _____ C:\TOSTACK 2016-10-30 19:39 - 2016-11-02 14:34 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-1001 2016-10-30 19:39 - 2016-10-30 19:41 - 00000003 _____ C:\Users\Space Kid\AppData\Local\run1.txt 2016-10-30 19:37 - 2016-11-01 17:04 - 00000000 ____D C:\Program Files (x86)\S5 2016-10-30 19:37 - 2016-10-30 19:37 - 00000000 ____D C:\Users\Space Kid\AppData\Local\CrashRpt 2016-10-30 19:36 - 2016-11-01 20:42 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Xbox 2016-10-30 19:36 - 2016-11-01 05:55 - 00000000 ____D C:\Program Files (x86)\Microleaves 2016-10-30 19:00 - 2016-10-30 19:00 - 00002259 _____ C:\Windows\epplauncher.mif 2016-10-30 18:57 - 2016-10-30 18:59 - 14324408 _____ (Microsoft Corporation) C:\Users\Space Kid\Downloads\mseinstall.exe 2016-10-30 18:19 - 2016-10-30 18:19 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\WinRAR 2016-10-30 17:37 - 2016-11-01 17:33 - 00000994 _____ C:\Users\Public\Desktop\WinRAR.lnk 2016-10-30 17:37 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-10-30 17:37 - 2016-10-30 17:37 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-10-30 17:36 - 2016-10-30 17:37 - 00000000 ____D C:\Program Files\WinRAR 2016-10-30 17:36 - 2016-10-30 17:36 - 02179856 _____ C:\Users\Space Kid\Downloads\winrar-x64-540.exe 2016-10-30 17:32 - 2016-10-30 17:32 - 01962408 _____ C:\Users\Space Kid\Downloads\wrar540.exe 2016-10-30 11:06 - 2016-10-30 11:06 - 02842320 _____ C:\Users\Space Kid\Downloads\npp.7.1.Installer.exe 2016-10-29 23:47 - 2016-10-29 23:47 - 00000000 ____D C:\Users\Space Kid\Downloads\spookysoiree-1.0-win 2016-10-29 23:46 - 2016-10-29 23:46 - 30356296 _____ C:\Users\Space Kid\Downloads\spookysoiree-1.0-win.zip 2016-10-27 11:50 - 2016-11-01 17:33 - 00002031 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-10-27 11:50 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-10-25 17:28 - 2016-11-02 16:17 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Kodi 2016-10-25 10:24 - 2016-10-25 10:24 - 00707658 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.zip 2016-10-25 10:16 - 2016-10-30 00:12 - 00000000 ____D C:\Users\Space Kid\Downloads\school stuff 2016-10-17 16:27 - 2016-10-17 16:27 - 00765068 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-02 19:33 - 2014-11-20 23:42 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-02 19:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf 2016-11-02 19:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-02 18:37 - 2015-06-22 09:16 - 00000000 ____D C:\Users\Space Kid 2016-11-02 14:40 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-11-02 14:38 - 2015-11-19 22:03 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-02 14:37 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-11-02 14:34 - 2016-05-18 18:22 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Skype 2016-11-02 14:30 - 2015-11-20 01:31 - 00000000 ___DO C:\Users\Space Kid\OneDrive 2016-11-02 14:29 - 2015-06-22 09:17 - 00000000 __SHD C:\Users\Space Kid\IntelGraphicsProfiles 2016-11-02 14:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness 2016-11-02 14:29 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2016-11-02 14:27 - 2016-07-19 13:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-02 14:27 - 2016-05-13 21:54 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job 2016-11-02 14:27 - 2015-11-19 22:03 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-02 04:28 - 2015-11-21 10:13 - 00000000 ____D C:\Program Files\Common Files\AV 2016-11-01 17:56 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Google 2016-11-01 17:33 - 2016-09-30 20:46 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-11-01 17:33 - 2016-09-30 20:42 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-11-01 17:33 - 2016-08-17 10:34 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk 2016-11-01 17:33 - 2016-08-02 23:40 - 00000937 _____ C:\Users\Public\Desktop\OpenToonz.lnk 2016-11-01 17:33 - 2016-07-19 13:55 - 00001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2016-11-01 17:33 - 2016-07-19 13:55 - 00001247 _____ C:\Users\Public\Desktop\True Key.lnk 2016-11-01 17:33 - 2016-05-18 18:22 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk 2016-11-01 17:33 - 2015-11-23 11:18 - 00000824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undertale.lnk 2016-11-01 17:33 - 2015-11-23 11:18 - 00000812 _____ C:\Users\Public\Desktop\Undertale.lnk 2016-11-01 17:33 - 2015-11-19 22:04 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-01 17:33 - 2015-11-19 22:04 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-11-01 17:33 - 2015-06-22 09:17 - 00001396 _____ C:\Users\Public\Desktop\Priceline.com.lnk 2016-11-01 17:33 - 2015-06-22 09:17 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk 2016-11-01 17:33 - 2015-06-19 15:49 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-11-01 17:33 - 2015-06-19 15:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk 2016-11-01 17:33 - 2015-06-19 15:39 - 00002519 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2016-11-01 17:33 - 2015-06-19 15:39 - 00002155 _____ C:\Users\Public\Desktop\Connected Music.lnk 2016-11-01 17:33 - 2015-06-19 15:18 - 00001636 _____ C:\Users\Public\Desktop\Connected Photo.lnk 2016-11-01 17:33 - 2015-06-19 15:16 - 00002169 _____ C:\Users\Public\Desktop\Connected Drive.lnk 2016-11-01 17:33 - 2015-06-19 15:14 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk 2016-11-01 13:29 - 2016-08-02 23:38 - 00000000 ____D C:\OpenToonz 1.0 stuff 2016-11-01 08:01 - 2015-11-23 11:16 - 00000000 ____D C:\Program Files (x86)\Undertale 2016-11-01 07:15 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2016-11-01 06:09 - 2015-06-19 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2016-11-01 06:08 - 2016-09-30 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-11-01 06:08 - 2016-08-17 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-11-01 06:08 - 2016-08-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenToonz 1.0 2016-11-01 06:08 - 2016-07-19 13:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2016-11-01 06:08 - 2016-05-18 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-11-01 06:08 - 2015-12-07 05:02 - 00000000 ___SD C:\Windows\system32\GWX 2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-11-01 06:08 - 2015-06-19 15:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-11-01 06:08 - 2015-06-19 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2016-11-01 06:08 - 2015-06-19 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB 2016-11-01 06:08 - 2015-06-19 15:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat 2016-11-01 06:08 - 2015-06-19 15:13 - 00000000 ____D C:\Program Files\7-Zip 2016-11-01 06:08 - 2015-06-19 14:55 - 00000000 ___HD C:\Windows\system32\WLANProfiles 2016-11-01 06:08 - 2015-06-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2016-11-01 06:08 - 2015-04-23 06:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore 2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender 2016-11-01 05:56 - 2016-07-19 13:55 - 00000000 ____D C:\Users\Space Kid\AppData\Local\tkdata 2016-11-01 05:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\registration 2016-11-01 05:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Sysprep 2016-11-01 03:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF 2016-10-30 19:42 - 2015-06-22 09:17 - 00001657 _____ C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-10-30 00:15 - 2016-08-29 23:02 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\RenPy 2016-10-29 15:59 - 2016-07-19 13:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-10-29 15:22 - 2016-07-19 13:43 - 00000000 ____D C:\Program Files\TrueKey 2016-10-27 11:50 - 2016-07-21 15:51 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-10-27 08:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-10-27 08:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-10-26 09:17 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\Documents\Youcam 2016-10-26 09:14 - 2016-05-18 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-10-26 09:14 - 2016-05-18 18:21 - 00000000 ____D C:\ProgramData\Skype 2016-10-25 10:16 - 2016-01-08 19:45 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Foxit Software 2016-10-23 11:44 - 2016-08-25 15:30 - 00000000 ____D C:\Users\Space Kid\AppData\Local\SkypePlugin 2016-10-03 15:51 - 2015-12-07 05:21 - 00000000 ____D C:\Users\Space Kid\Desktop\Feel Better! ==================== Files in the root of some directories ======= 2016-10-30 19:39 - 2016-10-30 19:41 - 0000003 _____ () C:\Users\Space Kid\AppData\Local\run1.txt Some files in TEMP: ==================== C:\Users\Space Kid\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Space Kid\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-26 17:37 ==================== End of FRST.txt ============================ It's weird that this time malwarebytes didn't find the Hijack.Host files this time, but i suspect they are still there as my computer is still incredibly slow when run without safe mode

I recently downloaded Malwarebytes because I contracted some viruses somehow. My McAfee had just expired and I didn't renew my subscription so I was browsing the internet unprotected for a few days. Since discovering something was wrong, I downloaded Norton which gave me a month free trial and of course Malwarebytes. So far I think they have removed most of the viruses but every time I restart my computer and run a scan, detected files always appear under the name Hijack.Host. I did some research to see how to remove it and almost everything I find tells me to delete registry files and I do not trust myself to do that correctly, I'm not completely computer illiterate but I'm not a wiz either. I think it's really starting to affect my computer because it always runs very slowly unless I start it in safe mode. I have an HP and Windows 8.1 64-bit OS