
Can't get rid of Hijack.Host


Mikaaaa

I recently downloaded Malwarebytes because I contracted some viruses somehow. My McAfee had just expired and I didn't renew my subscription so I was browsing the internet unprotected for a few days. Since discovering something was wrong, I downloaded Norton which gave me a month free trial and of course Malwarebytes. So far I think they have removed most of the viruses but every time I restart my computer and run a scan, detected files always appear under the name Hijack.Host. I did some research to see how to remove it and almost everything I find tells me to delete registry files and I do not trust myself to do that correctly, I'm not completely computer illiterate but I'm not a wiz either. I think it's really starting to affect my computer because it always runs very slowly unless I start it in safe mode. I have an HP and Windows 8.1 64-bit OS.


Hello Mikaaaa and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your next reply...

Thank you,

Kevin...

Okay, I ran the scans in safe mode because it was nearly impossible for me to do without, hope that's okay.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2016
Scan Time: 6:39 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.02.13
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Space Kid

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376156
Time Elapsed: 37 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Space Kid (02-11-2016 19:39:17)
Running from C:\Users\Space Kid\Desktop
Windows 8.1 (Update) (X64) (2015-06-22 14:16:26)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3257608161-552445302-3632482908-500 - Administrator - Enabled) => C:\Users\Administrator.doms-pc
Guest (S-1-5-21-3257608161-552445302-3632482908-501 - Limited - Disabled)
Space Kid (S-1-5-21-3257608161-552445302-3632482908-1001 - Administrator - Enabled) => C:\Users\Space Kid

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.220.2 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4926 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.4930 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3726 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.3.3726 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4724 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{00AB67E6-7A15-4357-95AA-F06A6950EA7C}) (Version: 7.0.39.113 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Odyssey 2 in 1 Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{CC1FD1EF-FEF1-4A97-847C-D1652CD56C3C}) (Version: 6.0.23.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7C025928-4B8C-4754-81A4-8B34A57E4725}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10300.137 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{33d748b9-4100-4fef-bcdc-33e69f098c38}) (Version: 17.13.2000.2036 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4189 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1036 - Intel Corporation)
Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.26 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{D4357222-DD31-4AD7-8ABE-4881D47D906F}) (Version: 5.2.2.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{A5830729-36A3-4900-8135-D8A972914342}) (Version: 1.0.0.516 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Kodi (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Kodi) (Version:  - XBMC-Foundation)
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.159 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
OpenToonz version 1.0.1 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0.1 - DWANGO Co., Ltd.)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7478 - Realtek Semiconductor Corp.)
REOptimizer (HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\REOptimizer) (Version:  - ) <==== ATTENTION
Rory's Restaurant (x32 Version: 3.0.2.59 - WildTangent) Hidden
Royal Envoy Double Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated)
Undertale (HKLM-x32\...\VW5kZXJ0YWxl_is1) (Version: 1 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Intel Corporation (iagpioe) System  (02/28/2015 603.9600.1920.60719) (HKLM\...\F7BD032DC4815E48C8FFD310F4793B930D5F4837) (Version: 02/28/2015 603.9600.1920.60719 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System  (02/28/2015 603.9600.2425.60717) (HKLM\...\358163B8DA80E489A41CAAC6542BF9E6245297EA) (Version: 02/28/2015 603.9600.2425.60717 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System  (02/16/2015 603.9600.2426.59928) (HKLM\...\EBFE7C1B6A8869998B8883D5FAFEA855A69722C8) (Version: 02/16/2015 603.9600.2426.59928 - Intel Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3257608161-552445302-3632482908-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C1A3095-63C7-455A-B254-14C2B2292AF7} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {162E629E-66E3-4D0D-A6F7-D7C6B329FCD4} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1AAE30DF-D993-4177-89DD-B6FE6BF221DC} - \Start SimplePass -> No File <==== ATTENTION
Task: {1C8A718F-95CC-4BA7-A08A-EEE77522E721} - \Start OPBHOBroker -> No File <==== ATTENTION
Task: {1D8DA2B8-5A44-45A4-9CA0-EDAF2C827892} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {1DDDB96B-0267-44D1-91CC-B9126DB5CCAA} - \McAfeeLogon -> No File <==== ATTENTION
Task: {1E8D30CE-9F40-43CA-975D-1EAF6DC3A7B4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {200232D1-D737-4234-AC01-2AA64D00F81A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {27BFE6FA-F799-4A33-9C4A-0BB670657972} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {28825653-43FB-47CE-AE5F-4359769FD9FE} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2AB25B82-8CF8-4A48-A46C-EE612DDBE97D} - \User_Feed_Synchronization-{544CA83F-4211-4E41-8586-A6475FB33457} -> No File <==== ATTENTION
Task: {2D11114C-D6A6-4BC9-90F2-3969792CDBD3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {33F5D08F-7687-4872-B77C-303ED79FB8E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {345EBB73-6308-4146-811B-3B8D6B05E0A6} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {53C8788C-DCEC-400B-8E01-D8038607AB28} - \HPCeeScheduleForSpace Kid -> No File <==== ATTENTION
Task: {5CDDAE38-3285-4592-A592-D872D613F7CA} - \Avast SecureLine -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {8489496B-AFE3-44BB-BF60-BB12C993115A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9443B7F6-54B1-4578-BF3B-54387CC74737} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {99FA0B6D-8A8B-4E9C-ABDE-137CC9112D91} - \Start OPBHOBrokerDesktop -> No File <==== ATTENTION
Task: {9C66E8C8-0722-4644-B44C-607A2F48043C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {ACA40B85-037A-4B25-9748-DD08949057EF} - \DropboxOEM -> No File <==== ATTENTION
Task: {B4234462-FDAC-4B01-BC0D-B7568BA2ADC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B682A0E1-4797-471F-BFF7-A78A547BBD38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C7231CA3-2EBA-40A0-9F87-56C2F7ADBE80} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {CE59565F-5149-4DF4-AD0E-E8C29971CE4F} - \avast! SL Update -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {E7A94DAC-5EFD-4A46-839C-1A77BBB6B457} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {F029944A-C247-4D71-9930-C9253B180C2C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {F1B56BD0-5966-469B-BEB5-9B9D2022B615} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FA21E427-E748-47B8-A406-760BDC7F97ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756,
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756,
ShortcutWithArgument: C:\Users\Space Kid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ebd56dad7f13a36\Skype.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GAVzftptn095001AU,e1461535-7a46-47b7-8e8b-8e69c57fb756, --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-11-02 14:53 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-11-02 14:53 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-11-01 20:15 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Space Kid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{e5c14e7e-53d7-43ce-b8aa-c0cf7f7a85ec}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "svchost.exe -start"
HKLM\...\StartupApproved\Run32: => "dllhost.exe -start"
HKLM\...\StartupApproved\Run32: => "cpx"
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "etregx"
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\StartupApproved\Run: => "Itibiti.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D2EAFD83-F066-48A5-BE00-097BE52703E4}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6DBBDF59-0584-47D3-8210-AE513524D403}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C088EC7E-F585-42DA-A411-FFEACDD0C45E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6EF48FA0-E5FF-4C56-AD45-D52941BCE4B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B08B00AB-2C07-4174-AAA8-35E580B8587A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2AFA64E-FDEA-488B-A6F8-82458E7B9987}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{A22ADA3B-FB9A-4ECD-BC21-4D6CB59F6D1F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A6424183-25DC-42DC-92F0-FCFF9D702D2D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{33B7D5C9-9D3C-4CAF-BB9B-157D2EDC7E12}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{70E09E56-A5D3-4882-A530-EFF99EF1DDCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{631BBA33-C55F-4B8F-8D4F-25760A54A68A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C1E4F178-21FD-46D8-8A1F-E6B471C841C5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{CD8600A9-CB0C-4F4B-9DBA-586CAD237A95}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2259269A-E570-4146-961D-A910734D5A6B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5FB99AB8-DE3F-4339-9A61-A1DA626B664C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7B7D5D48-68D8-4E80-B651-C3F90D3BA9C3}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{69132D07-1C79-442F-809D-944ABB08C81F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{C37A60A7-5AD1-4321-9979-3A9F7D1574CA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59D7A69C-FABD-4699-B263-2BF82ACF61F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AF0716D5-8236-4E70-AD11-8E4AD224C64D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0EEF12B5-3841-4F9E-9E71-D6302A7FBB79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D845231C-3E71-475B-888F-2D9196538000}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{1F173821-FB88-4BAF-B9E1-7946FFF8010C}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{4BF1EC75-D82A-4D1C-8550-CB872CF6F47C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D0C91CD-460A-405D-9D8F-03B3C89D42EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF86EA08-892F-4B22-BCAD-2E9545C5B17F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F29003DA-DB46-4F8A-9B84-E2F29ED652C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D107D811-3680-4A70-9090-CA2E33478CEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C532AA8E-F006-4C39-8DC5-B22BFD10F6EA}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{9844BE7A-3731-48C6-88DC-3F186F85A67D}C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\space kid\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{10CE3C73-B067-4AA3-993B-0FFB6735CB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A45DA536-1A60-4B08-9C7C-8C6B74BF82A7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{6F966BC5-F26B-477A-860B-42214FB81C33}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8EC84FC6-82D8-4C7E-8141-D527F98944DF}] => (Allow) C:\Users\Space Kid\AppData\Local\50122569.exe
FirewallRules: [{6689AB77-7AE3-4091-9DEE-577C6AA35823}] => (Allow) C:\Program Files (x86)\treasury\pentecostals.exe
FirewallRules: [{DF0B4932-D979-42DB-9C5E-7B61B9874E8D}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{63065F85-5D07-4316-BCC0-8C38BA4A697B}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{33FB963F-B2E2-4239-8B33-E7CCD08129F9}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe

==================== Restore Points =========================

07-06-2016 21:44:59 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
07-06-2016 21:46:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
19-07-2016 13:53:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
30-09-2016 20:42:22 Installed iTunes
30-10-2016 20:22:41 Removed 7-Zip 9.20 (x64 edition)
01-11-2016 20:07:18 Norton_Power_Eraser_20161101200656354

==================== Faulty Device Manager Devices =============

Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel(R) Serial IO I2C ES Controller
Description: Intel(R) Serial IO I2C ES Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iai2ce
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2016 07:26:32 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR

DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]


Policy:  Passive Policy [0]

Error: (11/02/2016 05:48:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR

DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]


Policy:  Passive Policy [0]

Error: (11/02/2016 05:27:17 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR

DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]


Policy:  Passive Policy [0]

Error: (11/02/2016 02:38:56 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10300.137) TYPE: ERROR

DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 640
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10300.137
DPTF Build Date:  Mar  5 2015 15:46:51
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 437
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]


Policy:  Passive Policy [0]

Error: (11/02/2016 02:34:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 02:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 02:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 02:29:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 02:29:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DOMS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/02/2016 07:39:27 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:39:18 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/02/2016 07:38:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:37:14 PM) (Source: DCOM) (EventID: 10005) (User: DOMS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/02/2016 07:36:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2016-10-31 16:32:21.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-31 11:16:22.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-31 11:15:56.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-31 11:08:38.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:39:33.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:39:30.357
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:38:09.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:38:07.659
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:38:04.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:38:02.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 4019.02 MB
Available physical RAM: 2722.36 MB
Total Virtual: 4915.02 MB
Available Virtual: 3669.3 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:437.32 GB) (Free:352.48 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:27.42 GB) (Free:3.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Space Kid (administrator) on DOMS-PC (02-11-2016 19:37:13)
Running from C:\Users\Space Kid\Desktop
Loaded Profiles: Space Kid (Available Profiles: Space Kid & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600 2015-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-05] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126192 2014-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [BingSvc] => C:\Users\Space Kid\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-18\...\Run: [] => 0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnashing.lnk [2016-10-30]
ShortcutTarget: gnashing.lnk -> C:\Program Files (x86)\treasury\pentecostals.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1CA066BF-D1BE-4AE3-A8ED-36A21407AC8A}: [DhcpNameServer] 172.168.0.2
Tcpip\..\Interfaces\{5EF38A7E-8EAD-4542-8BD3-90D288882EA1}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mytransitguide/s18478/index.html?n=782B4A6B&p2=^BNH^xdm648^S18478^us&ptb=F7BE2B4F-D582-49B1-8FD1-799AFBBB5A3F&si=539528_17
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3257608161-552445302-3632482908-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> {F6BA0B32-4D39-4E9C-9EA3-199B46FEEEF9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
IE Session Restore: HKU\S-1-5-21-3257608161-552445302-3632482908-1001 -> is enabled.
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-06-29] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-06-29] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-01]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-09-17] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi.dll [2016-09-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3257608161-552445302-3632482908-1001: SkypePlugin64 -> C:\Users\Space Kid\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi-x64.dll [2016-09-22] (Skype Technologies S.A.)

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default [2016-11-02]
CHR Extension: (Google Slides) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19]
CHR Extension: (Google Docs) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19]
CHR Extension: (Google Drive) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (Skype Calling) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-25]
CHR Extension: (YouTube) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-11-01]
CHR Extension: (Google Search) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Sheets) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19]
CHR Extension: (Stylish) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-11-01]
CHR Extension: (New XKit) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-11-19]
CHR Extension: (Skype) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-26]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\Space Kid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3257608161-552445302-3632482908-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1332184 2015-03-31] (Intel Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-11-04] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-04-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2014-10-03] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-18] () [File not signed]
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-18] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [172320 2014-12-10] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-06-29] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-23] (Symantec Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-04-22] (Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2016-01-03] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-05] (Synaptics Incorporated)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)
S2 0067471477772397mcinstcleanup; C:\Windows\TEMP\006747~1.EXE -cleanup -nolog [X]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20161101.001\BHDrvx64.sys [1854712 2016-09-23] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-09-23] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [45648 2015-03-31] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [41552 2015-03-31] (Intel Corporation)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-11-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-11-01] (Symantec Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [243792 2015-03-31] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [32256 2015-02-28] (Intel(R) Corporation)
S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-02-28] (Intel(R) Corporation)
S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [101888 2015-02-28] (Intel(R) Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [225008 2014-11-04] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20161101.001\IDSvia64.sys [1012952 2016-11-01] (Symantec Corporation)
S3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [4516280 2015-04-22] (Intel Corporation)
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [23824 2015-03-27] (Intel)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3482600 2014-11-17] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-03-19] (Realtek Semiconductor Corp.)
S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-05] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1608000.032\SymELAM.sys [24192 2016-09-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-11-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [114976 2014-11-24] (Intel Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Windows (R) Win 7 DDK provider)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2015-04-08] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 EraserUtilDrv11610; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11610.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161101.002\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-02 19:37 - 2016-11-02 19:38 - 00027804 _____ C:\Users\Space Kid\Desktop\FRST.txt
2016-11-02 19:32 - 2016-11-02 19:37 - 00000000 ____D C:\FRST
2016-11-02 19:31 - 2016-11-02 19:31 - 02408960 _____ (Farbar) C:\Users\Space Kid\Desktop\FRST64.exe
2016-11-02 17:55 - 2016-11-02 17:55 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-11-02 04:29 - 2016-11-02 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-01 20:15 - 2016-11-01 20:15 - 00001780 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2016-11-01 19:43 - 2016-11-01 20:49 - 00000000 ____D C:\Users\Space Kid\AppData\Local\NPE
2016-11-01 17:35 - 2016-11-01 17:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-01 17:34 - 2016-11-01 17:34 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Hewlett-Packard
2016-11-01 16:38 - 2016-11-02 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 16:38 - 2016-11-02 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-01 16:38 - 2016-11-01 17:33 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-01 16:38 - 2016-11-01 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-01 16:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-01 16:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-01 16:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-01 16:37 - 2016-11-01 16:37 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator.doms-pc\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-01 16:24 - 2016-11-01 16:24 - 00302776 _____ C:\Users\Administrator.doms-pc\Desktop\sfcdetail.txt
2016-11-01 16:10 - 2016-11-01 16:10 - 00302776 _____ C:\Windows\system32\sfcdetails.txt
2016-11-01 07:52 - 2016-11-01 07:55 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\NPE
2016-11-01 07:52 - 2016-11-01 07:52 - 03423928 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NPE.exe
2016-11-01 07:41 - 2016-11-01 07:41 - 00000000 ____D C:\Windows\system32\yva
2016-11-01 07:40 - 2016-11-01 07:40 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-11-01 07:35 - 2016-11-01 07:35 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-11-01 07:18 - 2016-11-01 09:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\ElevatedDiagnostics
2016-11-01 07:15 - 2016-11-01 17:33 - 00002403 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-11-01 07:15 - 2016-11-01 07:15 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-11-01 07:15 - 2016-11-01 07:15 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-11-01 07:15 - 2016-11-01 07:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-11-01 07:14 - 2016-11-01 07:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-11-01 07:13 - 2016-11-01 07:16 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-11-01 07:13 - 2016-11-01 07:13 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-01 07:12 - 2016-11-01 17:32 - 00001448 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Download Manager.lnk
2016-11-01 07:12 - 2016-11-01 17:32 - 00001257 _____ C:\Users\Administrator.doms-pc\Desktop\Norton Installation Files.lnk
2016-11-01 07:12 - 2016-11-01 07:53 - 00000000 ____D C:\ProgramData\Norton
2016-11-01 07:12 - 2016-11-01 07:12 - 01101088 _____ (Symantec Corporation) C:\Users\Administrator.doms-pc\Downloads\NSDeluxeDownloader.exe
2016-11-01 07:12 - 2016-11-01 07:12 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-11-01 06:31 - 2016-11-02 19:31 - 01931774 _____ C:\Windows\ntbtlog.txt
2016-11-01 06:30 - 2016-11-01 06:30 - 00000000 ____D C:\Windows\system32\buak
2016-11-01 06:27 - 2016-11-01 06:27 - 00000000 ____D C:\Windows\system32\paqo
2016-11-01 06:26 - 2016-11-01 06:26 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{90AF1C31-163E-48BE-9854-EBC6A6D85EFC}
2016-11-01 06:24 - 2016-11-01 06:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-500
2016-11-01 06:20 - 2016-11-01 06:20 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Macromedia
2016-11-01 06:19 - 2016-11-01 06:19 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Apple Computer
2016-11-01 06:17 - 2016-11-01 17:33 - 00001449 _____ C:\Users\Administrator.doms-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-01 06:17 - 2016-11-01 07:18 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Google
2016-11-01 06:17 - 2016-11-01 06:26 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Packages
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Synaptics
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Adobe
2016-11-01 06:17 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Local\Hewlett-Packard
2016-11-01 06:16 - 2016-11-01 06:17 - 00000000 ____D C:\Users\Administrator.doms-pc
2016-11-01 06:16 - 2016-11-01 06:16 - 00000020 ___SH C:\Users\Administrator.doms-pc\ntuser.ini
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\My Documents
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Videos
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Pictures
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 _SHDL C:\Users\Administrator.doms-pc\Documents\My Music
2016-11-01 06:16 - 2016-11-01 06:16 - 00000000 ____D C:\Users\Administrator.doms-pc\AppData\Roaming\Intel
2016-11-01 06:16 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.system.package.metadata
2016-11-01 06:16 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator.doms-pc\Documents\hp.applications.package.appdata
2016-11-01 04:14 - 2016-11-01 04:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-11-01 03:06 - 2016-11-01 03:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNDERTALE
2016-10-31 16:44 - 2016-11-01 06:07 - 00000000 ____D C:\Windows\system32\hoin
2016-10-31 16:36 - 2016-11-01 05:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-10-31 11:29 - 2016-10-31 11:29 - 00000000 ____D C:\Windows\system32\pay
2016-10-31 11:15 - 2016-10-31 11:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Foxit Software
2016-10-31 10:51 - 2016-10-31 10:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-10-31 10:17 - 2016-10-31 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2016-10-31 10:14 - 2016-10-31 10:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-10-31 10:13 - 2016-10-31 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2016-10-31 10:11 - 2016-11-01 17:30 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-10-31 10:11 - 2016-10-31 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-10-31 10:11 - 2016-10-31 10:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2016-10-31 10:11 - 2016-10-31 10:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-10-31 10:10 - 2016-11-01 06:09 - 00000000 ____D C:\Users\Administrator
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-10-31 10:10 - 2016-10-31 10:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-10-31 10:10 - 2016-01-04 22:13 - 00000000 ___HD C:\Users\Administrator\Documents\hp.system.package.metadata
2016-10-31 10:10 - 2015-04-23 06:43 - 00000000 ___HD C:\Users\Administrator\Documents\hp.applications.package.appdata
2016-10-31 09:47 - 2016-10-31 09:47 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Itibiti
2016-10-30 20:12 - 2016-11-01 08:54 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Geunfy
2016-10-30 19:48 - 2016-10-30 19:51 - 00000000 ____D C:\Users\Space Kid\AppData\Local\app
2016-10-30 19:43 - 2016-11-01 17:04 - 00000000 ____D C:\Users\Space Kid\AppData\LocalLow\Company
2016-10-30 19:43 - 2016-10-30 20:12 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Tempfolder
2016-10-30 19:43 - 2016-10-30 19:43 - 00000000 ____D C:\uninst
2016-10-30 19:41 - 2016-10-30 19:41 - 00000000 ____H C:\Windows\system32\BIT98E0.tmp
2016-10-30 19:40 - 2016-11-01 17:04 - 00000000 ___HD C:\Program Files (x86)\treasury
2016-10-30 19:40 - 2016-11-01 07:56 - 00000000 ____D C:\Program Files (x86)\7C41F94C-1477874550-11E5-8397-F406694BA603
2016-10-30 19:40 - 2016-11-01 07:53 - 00000000 ___HD C:\Program Files (x86)\ellmann
2016-10-30 19:40 - 2016-10-30 19:40 - 00000000 _____ C:\TOSTACK
2016-10-30 19:39 - 2016-11-02 14:34 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257608161-552445302-3632482908-1001
2016-10-30 19:39 - 2016-10-30 19:41 - 00000003 _____ C:\Users\Space Kid\AppData\Local\run1.txt
2016-10-30 19:37 - 2016-11-01 17:04 - 00000000 ____D C:\Program Files (x86)\S5
2016-10-30 19:37 - 2016-10-30 19:37 - 00000000 ____D C:\Users\Space Kid\AppData\Local\CrashRpt
2016-10-30 19:36 - 2016-11-01 20:42 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Xbox
2016-10-30 19:36 - 2016-11-01 05:55 - 00000000 ____D C:\Program Files (x86)\Microleaves
2016-10-30 19:00 - 2016-10-30 19:00 - 00002259 _____ C:\Windows\epplauncher.mif
2016-10-30 18:57 - 2016-10-30 18:59 - 14324408 _____ (Microsoft Corporation) C:\Users\Space Kid\Downloads\mseinstall.exe
2016-10-30 18:19 - 2016-10-30 18:19 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\WinRAR
2016-10-30 17:37 - 2016-11-01 17:33 - 00000994 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-10-30 17:37 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-30 17:37 - 2016-10-30 17:37 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-30 17:36 - 2016-10-30 17:37 - 00000000 ____D C:\Program Files\WinRAR
2016-10-30 17:36 - 2016-10-30 17:36 - 02179856 _____ C:\Users\Space Kid\Downloads\winrar-x64-540.exe
2016-10-30 17:32 - 2016-10-30 17:32 - 01962408 _____ C:\Users\Space Kid\Downloads\wrar540.exe
2016-10-30 11:06 - 2016-10-30 11:06 - 02842320 _____ C:\Users\Space Kid\Downloads\npp.7.1.Installer.exe
2016-10-29 23:47 - 2016-10-29 23:47 - 00000000 ____D C:\Users\Space Kid\Downloads\spookysoiree-1.0-win
2016-10-29 23:46 - 2016-10-29 23:46 - 30356296 _____ C:\Users\Space Kid\Downloads\spookysoiree-1.0-win.zip
2016-10-27 11:50 - 2016-11-01 17:33 - 00002031 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-10-27 11:50 - 2016-11-01 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-25 17:28 - 2016-11-02 16:17 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Kodi
2016-10-25 10:24 - 2016-10-25 10:24 - 00707658 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.zip
2016-10-25 10:16 - 2016-10-30 00:12 - 00000000 ____D C:\Users\Space Kid\Downloads\school stuff
2016-10-17 16:27 - 2016-10-17 16:27 - 00765068 _____ C:\Users\Space Kid\Downloads\Syllabus - CLICK HERE to Download - IT_102_Desktop_Client_Support_Fall_2016_Hybrid_2nd8weeks.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-02 19:33 - 2014-11-20 23:42 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-02 19:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-11-02 19:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-02 18:37 - 2015-06-22 09:16 - 00000000 ____D C:\Users\Space Kid
2016-11-02 14:40 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-02 14:38 - 2015-11-19 22:03 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-02 14:37 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-02 14:34 - 2016-05-18 18:22 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Skype
2016-11-02 14:30 - 2015-11-20 01:31 - 00000000 ___DO C:\Users\Space Kid\OneDrive
2016-11-02 14:29 - 2015-06-22 09:17 - 00000000 __SHD C:\Users\Space Kid\IntelGraphicsProfiles
2016-11-02 14:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-02 14:29 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-11-02 14:27 - 2016-07-19 13:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-02 14:27 - 2016-05-13 21:54 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForSpace Kid.job
2016-11-02 14:27 - 2015-11-19 22:03 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-02 04:28 - 2015-11-21 10:13 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-01 17:56 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\AppData\Local\Google
2016-11-01 17:33 - 2016-09-30 20:46 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-01 17:33 - 2016-09-30 20:42 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-01 17:33 - 2016-08-17 10:34 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2016-11-01 17:33 - 2016-08-02 23:40 - 00000937 _____ C:\Users\Public\Desktop\OpenToonz.lnk
2016-11-01 17:33 - 2016-07-19 13:55 - 00001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-11-01 17:33 - 2016-07-19 13:55 - 00001247 _____ C:\Users\Public\Desktop\True Key.lnk
2016-11-01 17:33 - 2016-05-18 18:22 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-01 17:33 - 2015-11-23 11:18 - 00000824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undertale.lnk
2016-11-01 17:33 - 2015-11-23 11:18 - 00000812 _____ C:\Users\Public\Desktop\Undertale.lnk
2016-11-01 17:33 - 2015-11-19 22:04 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-01 17:33 - 2015-11-19 22:04 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-01 17:33 - 2015-06-22 09:17 - 00001396 _____ C:\Users\Public\Desktop\Priceline.com.lnk
2016-11-01 17:33 - 2015-06-22 09:17 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2016-11-01 17:33 - 2015-06-19 15:49 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002519 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-11-01 17:33 - 2015-06-19 15:39 - 00002155 _____ C:\Users\Public\Desktop\Connected Music.lnk
2016-11-01 17:33 - 2015-06-19 15:18 - 00001636 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2016-11-01 17:33 - 2015-06-19 15:16 - 00002169 _____ C:\Users\Public\Desktop\Connected Drive.lnk
2016-11-01 17:33 - 2015-06-19 15:14 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-11-01 13:29 - 2016-08-02 23:38 - 00000000 ____D C:\OpenToonz 1.0 stuff
2016-11-01 08:01 - 2015-11-23 11:16 - 00000000 ____D C:\Program Files (x86)\Undertale
2016-11-01 07:15 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-11-01 06:09 - 2015-06-19 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-11-01 06:08 - 2016-09-30 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 06:08 - 2016-08-17 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-11-01 06:08 - 2016-08-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenToonz 1.0
2016-11-01 06:08 - 2016-07-19 13:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-11-01 06:08 - 2016-05-18 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-01 06:08 - 2015-12-07 05:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-11-01 06:08 - 2015-06-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-01 06:08 - 2015-06-19 15:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-01 06:08 - 2015-06-19 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-11-01 06:08 - 2015-06-19 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB
2016-11-01 06:08 - 2015-06-19 15:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-11-01 06:08 - 2015-06-19 15:13 - 00000000 ____D C:\Program Files\7-Zip
2016-11-01 06:08 - 2015-06-19 14:55 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-01 06:08 - 2015-06-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-11-01 06:08 - 2015-04-23 06:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2016-11-01 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-11-01 05:56 - 2016-07-19 13:55 - 00000000 ____D C:\Users\Space Kid\AppData\Local\tkdata
2016-11-01 05:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\registration
2016-11-01 05:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-11-01 03:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-30 19:42 - 2015-06-22 09:17 - 00001657 _____ C:\Users\Space Kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-30 00:15 - 2016-08-29 23:02 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\RenPy
2016-10-29 15:59 - 2016-07-19 13:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-29 15:22 - 2016-07-19 13:43 - 00000000 ____D C:\Program Files\TrueKey
2016-10-27 11:50 - 2016-07-21 15:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-10-27 08:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-27 08:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-26 09:17 - 2015-11-19 22:03 - 00000000 ____D C:\Users\Space Kid\Documents\Youcam
2016-10-26 09:14 - 2016-05-18 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-26 09:14 - 2016-05-18 18:21 - 00000000 ____D C:\ProgramData\Skype
2016-10-25 10:16 - 2016-01-08 19:45 - 00000000 ____D C:\Users\Space Kid\AppData\Roaming\Foxit Software
2016-10-23 11:44 - 2016-08-25 15:30 - 00000000 ____D C:\Users\Space Kid\AppData\Local\SkypePlugin
2016-10-03 15:51 - 2015-12-07 05:21 - 00000000 ____D C:\Users\Space Kid\Desktop\Feel Better!

==================== Files in the root of some directories =======

2016-10-30 19:39 - 2016-10-30 19:41 - 0000003 _____ () C:\Users\Space Kid\AppData\Local\run1.txt

Some files in TEMP:
====================
C:\Users\Space Kid\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Space Kid\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-26 17:37

==================== End of FRST.txt ============================

 

 

 

It's weird that this time Malwarebytes didn't find the Hijack.Host files, but I suspect they are still there, as my computer is still incredibly slow when run without safe mode.

 

 

 


Uninstall the McAfee security system; instructions and the removal tool are at the following link:

McAfee Removal Tool

Next,

Run fresh scan with Malwarebytes, post the produced log.

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist", but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".


Thank you,

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!
