Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default Internet Freezes and stalls when browser opens

    internet keeps freezing & browser takes long time to load and advertising appears on web site. Note sure if l have malware or spyware. I have included the logs requested below. Thanks inadvance

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 2:43:12 AM, on 21/10/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18057)

    FIREFOX: 41.0.2 (x86 en-US)
    Boot mode: Normal

    Running processes:

    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\GWX\GWX.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Ivan Perkovic\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    C:\Windows\System32\Codecs\UpdateChecker.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\System32\Codecs\TrayMenu.exe
    C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
    C:\windows\system32\RunDll32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Ivan Perkovic\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" LPCM
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\windows\system32\Codecs\CodecUACManager.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BingSvc] C:\Users\Ivan Perkovic\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    O4 - HKCU\..\Run: [Codec Pack Update Checker] "C:\windows\system32\Codecs\UpdateChecker.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Monitor Ink Alerts - HP Officejet 2620 series.lnk = ?
    O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\System32\Codecs\TrayMenu.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
    O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

    --
    End of file - 12296 bytes



    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/21/2015 at 00:49 AM

    Application Version : 6.0.1208
    Database Version : 12130

    Scan type : Complete Scan
    Total Scan Time : 01:12:09

    Operating System Information
    Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 664
    Memory threats detected : 0
    Registry items scanned : 36943
    Registry threats detected : 0
    File items scanned : 14661
    File threats detected : 5

    Adware.Tracking Cookie
    .luckyorange.com [ C:\USERS\IVAN PERKOVIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMLIRCJG.DEFAULT-1441975581029\COOKIES.SQLITE ]
    .luckyorange.net [ C:\USERS\IVAN PERKOVIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMLIRCJG.DEFAULT-1441975581029\COOKIES.SQLITE ]
    .262855726.log.optimizely.com [ C:\USERS\IVAN PERKOVIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMLIRCJG.DEFAULT-1441975581029\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\IVAN PERKOVIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMLIRCJG.DEFAULT-1441975581029\COOKIES.SQLITE ]

    PUP.OpenCandy/Variant
    C:\USERS\IVAN PERKOVIC\APPDATA\ROAMING\OPENCANDY\A7B164AC490549EC9FD12D337D7AE6A1\DH21.EXE

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 21/10/2015
    Scan Time: 2:09 AM
    Logfile:
    Administrator: Yes

    Version: 0.0.0.0000
    Malware Database: v2015.10.20.05
    Rootkit Database: v2015.10.16.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Ivan Perkovic

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 305310
    Time Elapsed: 1 hr, 2 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi! My name is zep516 and Welcome to help2go!
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    Everything gets download to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop. Looks like the 32Bit is what you want...

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.[/*]
    • Press Scan button.[/*]
    • It will produce a log called FRST.txt in the same directory the tool is run from.[/*]
    • Please copy and paste log back here.[/*]
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.[/*]

  3. #3
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default

    hi, thanks for the instructions, l have pasted the requested logs. thanks inadvanced

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-10-2015 01
    Ran by Ivan Perkovic (administrator) on IVANPERKOVIC (22-10-2015 22:06:52)
    Running from C:\Users\Ivan Perkovic\Downloads
    Loaded Profiles: Ivan Perkovic & (Available Profiles: Ivan Perkovic)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (© 2015 Microsoft Corporation) C:\Users\Ivan Perkovic\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    () C:\Windows\System32\Codecs\UpdateChecker.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    () C:\Windows\System32\Codecs\TrayMenu.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1493608 2010-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-23] (TOSHIBA CORPORATION)
    HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2010-03-04] (TOSHIBA Electronics, Inc.)
    HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-11] (Synaptics Incorporated)
    HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-02] (TOSHIBA CORPORATION.)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-20] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-06] (TOSHIBA Corporation)
    HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-07] (TOSHIBA Corporation)
    HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3272040 2010-02-18] (Symantec Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [467816 2010-04-24] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-10] (TOSHIBA Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    HKLM\...\Run: [Codec Settings UAC Manager] => C:\windows\system32\Codecs\CodecUACManager.exe [60416 2015-06-11] ()
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\Run: [BingSvc] => C:\Users\Ivan Perkovic\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\Run: [Codec Pack Update Checker] => C:\windows\system32\Codecs\UpdateChecker.exe [55992 2015-06-11] ()
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-20] (SUPERAntiSpyware)
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Ivan Perkovic\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Codec Pack Update Checker] => C:\windows\system32\Codecs\UpdateChecker.exe [55992 2015-06-11] ()
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-20] (SUPERAntiSpyware)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-08-27]
    ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\System32\Codecs\TrayMenu.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-05]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Ivan Perkovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 2620 series.lnk [2015-10-22]
    ShortcutTarget: Monitor Ink Alerts - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{840CA198-9468-4CE5-972E-151A07F440A5}: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{D9525D45-5DBA-47ED-A5D8-C3D6EA0B0EC1}: [DhcpNameServer] 10.0.0.138

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-22] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-22] (Oracle Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-20] (<TOSHIBA>)
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll => No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-09-22] (McAfee, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-09-22] (McAfee, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ivan Perkovic\AppData\Roaming\Mozilla\Firefox\Profiles\amlircjg.default-1441975581029
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-22] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-06] (RocketLife, LLP)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-15] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-07-09] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-09-07]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-27] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
    CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2015-03-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    CHR Extension: (Google Wallet) - C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-09-22]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
    S2 0064881445511848mcinstcleanup; C:\windows\TEMP\006488~1.EXE [883024 2015-05-05] (McAfee, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
    R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IconMan_R; C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-28] (Realsil Microelectronics Inc.) [File not signed]
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-08-27] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-09-22] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [711032 2015-08-21] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [235696 2015-08-01] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1251264 2015-07-24] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502936 2015-07-17] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [335600 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [242408 2015-06-29] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
    R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 CeKbFilter; C:\windows\System32\DRIVERS\CeKbFilter.sys [17520 2011-04-16] (Compal Electronics, INC.)
    R3 cfwids; C:\windows\System32\drivers\cfwids.sys [70672 2015-07-02] (McAfee, Inc.)
    S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.)
    R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-10-22] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [315576 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [269872 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [380504 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [658528 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [419248 2015-06-28] (McAfee, Inc.)
    S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [89544 2015-06-28] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-09-22] (McAfee, Inc.)
    R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [223520 2015-07-02] (McAfee, Inc.)
    S3 NPF; C:\windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
    R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [841248 2010-04-29] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SCMNdisP; C:\windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    S3 SWDUMon; C:\windows\System32\DRIVERS\SWDUMon.sys [13368 2015-04-19] (SlimWare Utilities, Inc.)
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-22 22:06 - 2015-10-22 22:11 - 00026392 _____ C:\Users\Ivan Perkovic\Downloads\FRST.txt
    2015-10-22 22:03 - 2015-10-22 22:08 - 00000000 ____D C:\FRST
    2015-10-22 22:02 - 2015-10-22 22:02 - 01700352 _____ (Farbar) C:\Users\Ivan Perkovic\Downloads\FRST.exe
    2015-10-21 02:43 - 2015-10-21 02:43 - 00012298 _____ C:\Users\Ivan Perkovic\Downloads\hijackthis.log
    2015-10-21 02:29 - 2015-10-21 02:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ivan Perkovic\Downloads\HijackThis.exe
    2015-10-20 23:45 - 2015-10-22 21:53 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-20 23:44 - 2015-10-20 23:44 - 00001035 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-20 23:44 - 2015-10-20 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-20 23:43 - 2015-10-20 23:44 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-10-20 23:43 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-10-20 23:43 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-10-20 23:43 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
    2015-10-20 23:41 - 2015-10-20 23:42 - 22908888 _____ (Malwarebytes ) C:\Users\Ivan Perkovic\Downloads\mbam-setup-2.2.0.1024.exe
    2015-10-20 23:19 - 2015-10-20 23:19 - 00000000 ____D C:\SUPERDelete
    2015-10-20 21:58 - 2015-10-21 02:15 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task b466f65d-0fc2-4ebb-9bab-ebb31b8e3a2c.job
    2015-10-20 21:58 - 2015-10-21 02:08 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 54450b28-9715-4430-bfba-acf72fb9621b.job
    2015-10-20 21:57 - 2015-10-20 21:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-20 21:57 - 2015-10-20 21:57 - 00001936 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-10-20 21:57 - 2015-10-20 21:57 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-10-20 21:57 - 2015-10-20 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-10-20 21:54 - 2015-10-20 21:55 - 23758168 _____ (SUPERAntiSpyware) C:\Users\Ivan Perkovic\Downloads\SUPERAntiSpyware.exe
    2015-10-16 20:13 - 2015-09-19 04:47 - 00023384 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2015-10-16 20:13 - 2015-09-19 04:44 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-10-16 20:13 - 2015-09-19 04:44 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-10-16 20:13 - 2015-09-19 04:44 - 00587776 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-10-16 20:13 - 2015-09-19 04:44 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-10-16 20:13 - 2015-09-19 04:44 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-10-16 20:13 - 2015-09-19 04:35 - 00999936 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-10-16 19:50 - 2015-10-16 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-10-14 22:04 - 2015-07-19 00:08 - 00901264 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00066400 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00022368 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-14 22:04 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-14 22:03 - 2015-09-29 14:05 - 03990976 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2015-10-14 22:03 - 2015-09-29 14:05 - 03936192 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-10-14 22:03 - 2015-09-29 14:02 - 01308160 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2015-10-14 22:03 - 2015-09-29 13:59 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-10-14 22:03 - 2015-09-29 13:58 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-10-14 22:03 - 2015-09-29 13:58 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2015-10-14 22:03 - 2015-09-29 13:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2015-10-14 22:03 - 2015-09-29 13:58 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2015-10-14 22:03 - 2015-09-29 13:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2015-10-14 22:03 - 2015-09-29 13:58 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2015-10-14 22:03 - 2015-09-29 13:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2015-10-14 22:03 - 2015-09-29 13:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2015-10-14 22:03 - 2015-09-29 13:49 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2015-10-14 22:03 - 2015-09-29 13:49 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2015-10-14 22:03 - 2015-09-29 12:43 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2015-10-14 22:03 - 2015-09-29 12:43 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2015-10-14 22:03 - 2015-09-29 12:43 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2015-10-14 22:03 - 2015-09-16 04:42 - 00139096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2015-10-14 22:03 - 2015-09-16 04:42 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2015-10-14 22:03 - 2015-09-16 04:36 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2015-10-14 22:03 - 2015-09-16 04:36 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-10-14 22:03 - 2015-09-16 04:36 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2015-10-14 22:03 - 2015-09-16 04:36 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2015-10-14 22:03 - 2015-09-16 04:36 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2015-10-14 22:03 - 2015-09-16 04:36 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2015-10-14 22:03 - 2015-09-16 04:35 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2015-10-14 22:02 - 2015-09-26 04:59 - 02955776 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 02061824 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2015-10-14 22:02 - 2015-09-26 04:59 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-10-14 22:02 - 2015-09-26 04:58 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-10-14 22:02 - 2015-09-26 04:58 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-10-14 22:02 - 2015-09-26 04:58 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-10-14 22:02 - 2015-09-26 04:58 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2015-10-14 22:02 - 2015-08-07 04:44 - 12875776 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2015-10-14 22:02 - 2015-08-07 04:44 - 01498624 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
    2015-10-14 22:01 - 2015-10-02 04:50 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2015-10-14 22:01 - 2015-10-02 04:50 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2015-10-14 22:01 - 2015-10-02 04:50 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2015-10-14 22:01 - 2015-10-02 04:50 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2015-10-14 22:01 - 2015-10-02 04:50 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2015-10-14 22:01 - 2015-10-02 03:53 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2015-10-14 22:00 - 2015-09-19 05:58 - 00345688 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-10-14 22:00 - 2015-09-16 14:58 - 20357632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-10-14 22:00 - 2015-09-16 14:45 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2015-10-14 22:00 - 2015-09-16 14:45 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2015-10-14 22:00 - 2015-09-16 14:33 - 00504832 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-10-14 22:00 - 2015-09-16 14:33 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2015-10-14 22:00 - 2015-09-16 14:32 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-10-14 22:00 - 2015-09-16 14:32 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2015-10-14 22:00 - 2015-09-16 14:31 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-10-14 22:00 - 2015-09-16 14:28 - 02279936 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-10-14 22:00 - 2015-09-16 14:26 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2015-10-14 22:00 - 2015-09-16 14:26 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2015-10-14 22:00 - 2015-09-16 14:24 - 00480256 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-10-14 22:00 - 2015-09-16 14:23 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2015-10-14 22:00 - 2015-09-16 14:23 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2015-10-14 22:00 - 2015-09-16 14:22 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-10-14 22:00 - 2015-09-16 14:22 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-10-14 22:00 - 2015-09-16 14:18 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2015-10-14 22:00 - 2015-09-16 14:15 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-10-14 22:00 - 2015-09-16 14:10 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2015-10-14 22:00 - 2015-09-16 14:07 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2015-10-14 22:00 - 2015-09-16 14:06 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-10-14 22:00 - 2015-09-16 14:05 - 04527616 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-10-14 22:00 - 2015-09-16 14:05 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-10-14 22:00 - 2015-09-16 14:04 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2015-10-14 22:00 - 2015-09-16 13:58 - 12853760 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-10-14 22:00 - 2015-09-16 13:58 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2015-10-14 22:00 - 2015-09-16 13:56 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-10-14 22:00 - 2015-09-16 13:56 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-10-14 22:00 - 2015-09-16 13:55 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-10-14 22:00 - 2015-09-16 13:55 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2015-10-14 22:00 - 2015-09-16 13:37 - 02011136 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-10-14 22:00 - 2015-09-16 13:34 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-10-14 22:00 - 2015-09-16 13:32 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-10-10 00:56 - 2015-10-10 00:56 - 00001611 _____ C:\Users\Ivan Perkovic\Downloads\VTS_01_1.avi - Shortcut.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-22 22:10 - 2011-04-16 08:53 - 01174903 _____ C:\windows\WindowsUpdate.log
    2015-10-22 22:07 - 2009-07-14 15:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-22 22:07 - 2009-07-14 15:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-22 21:49 - 2011-04-16 09:03 - 00368012 _____ C:\windows\PFRO.log
    2015-10-22 21:49 - 2009-07-14 15:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-10-22 21:49 - 2009-07-14 15:39 - 00168308 _____ C:\windows\setupact.log
    2015-10-21 02:45 - 2014-11-16 13:08 - 00000000 ____D C:\Users\Ivan Perkovic\Documents\Wedding stuff
    2015-10-21 02:32 - 2012-07-14 09:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-10-21 02:31 - 2014-10-06 10:33 - 00000354 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
    2015-10-20 23:43 - 2013-05-31 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-18 20:32 - 2012-07-14 09:08 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2015-10-18 20:32 - 2011-07-09 06:26 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2015-10-18 06:18 - 2011-04-16 09:11 - 00006450 _____ C:\windows\system32\PerfStringBackup.INI
    2015-10-17 12:57 - 2013-05-05 06:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-17 11:20 - 2011-07-04 22:17 - 00000000 ____D C:\Users\Ivan Perkovic\AppData\Roaming\Skype
    2015-10-16 20:45 - 2014-12-13 06:21 - 00000000 ____D C:\windows\system32\appraiser
    2015-10-16 20:45 - 2014-04-25 20:44 - 00000000 ___SD C:\windows\system32\CompatTel
    2015-10-16 20:33 - 2015-09-11 23:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-10-16 20:08 - 2013-08-17 02:24 - 00000000 ____D C:\windows\system32\MRT
    2015-10-16 19:53 - 2012-06-11 10:16 - 141105520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-10-16 19:26 - 2015-07-18 15:46 - 00000000 ___RD C:\Program Files\Skype
    2015-10-11 05:46 - 2011-06-18 11:58 - 00000000 ____D C:\Users\Ivan Perkovic\AppData\Roaming\SoftGrid Client
    2015-10-10 12:36 - 2015-04-06 05:17 - 00000000 ___SD C:\windows\system32\GWX
    2015-10-09 21:53 - 2011-04-16 08:53 - 00000000 ____D C:\ProgramData\Skype
    2015-10-05 09:19 - 2011-07-09 06:50 - 00000000 ____D C:\Users\Ivan Perkovic\AppData\Local\CrashDumps
    2015-09-28 18:57 - 2009-07-14 15:53 - 00032638 _____ C:\windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2014-10-06 09:56 - 2014-10-06 09:56 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\Ivan Perkovic\AppData\Local\Temp\-bx38gbs.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\ctyjflqx.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\HPPSdr.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\jre-8u45-windows-au.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\k3_3pjcg.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\lgypiwl3.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\lqi_rtcg.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Ivan Perkovic\AppData\Local\Temp\tlpo9pa1.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-03-07 23:04



    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-10-2015 01
    Ran by Ivan Perkovic (2015-10-22 22:14:10)
    Running from C:\Users\Ivan Perkovic\Downloads
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2011-06-18 00:47:26)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1665181541-3691941792-4024951107-500 - Administrator - Disabled)
    Guest (S-1-5-21-1665181541-3691941792-4024951107-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1665181541-3691941792-4024951107-1002 - Limited - Enabled)
    Ivan Perkovic (S-1-5-21-1665181541-3691941792-4024951107-1000 - Administrator - Enabled) => C:\Users\Ivan Perkovic

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
    BigPond Broadband ADSL (HKLM\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 12.0 - Telstra)
    Build-a-lot 2 (Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
    ContinueToSave 1.74 (HKLM\...\SP_09b71135) (Version: - ) <==== ATTENTION
    DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
    e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
    FATE (Version: 2.2.0.95 - WildTangent) Hidden
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet 2620 series Basic Device Software (HKLM\...\{CE0ABB80-E97F-4032-83A2-6541A7540FD5}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Officejet 2620 series Help (HKLM\...\{18DE383C-ADAE-4720-9A00-077239991ACA}) (Version: 31.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
    HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Jewel Quest - Heritage (Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Kobo (HKLM\...\Kobo) (Version: 3.11.0 - Rakuten Kobo Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.184 - McAfee, Inc.)
    Media Player Codec Pack 4.3.8 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.8 - Media Player Codec Pack)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
    Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.39 - Symantec)
    Plants vs. Zombies (Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (Version: 2.2.0.95 - WildTangent) Hidden
    Product Improvement Study for HP Officejet 2620 series (HKLM\...\{C33B2683-3BE5-40A3-8F8E-AF146B623889}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.28.924.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM\...\InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}) (Version: 1.6.08.32 - TOSHIBA Corporation)
    TOSHIBA ConfigFree (HKLM\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
    TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.8 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM\...\InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}) (Version: 1.7.16.32 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
    Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
    Utility Common Driver (Version: 1.0.52.2C - TOSHIBA) Hidden
    Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95 - WildTangent) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Web Companion (HKLM\...\{ac148f34-4b9f-422a-9c8c-5b47d2c624fa}) (Version: 2.1.1095.2272 - Lavasoft)
    Wheel of Fortune 2 (Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.14 - WildTangent)
    Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101) (HKLM\...\94703D1C50646DF5FB8D0FB50EB2216330EB89C9) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327) (HKLM\...\3B7076EB3C51070DE9D6902E9696507D9B471345) (Version: 03/27/2006 5.1213.06.0327 - NETGEAR Inc.)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinX DVD Ripper 5.6.2 (HKLM\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.)
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Zuma's Revenge (Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
    CustomCLSID: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

    ==================== Restore Points =========================

    23-08-2015 16:49:45 Windows Update
    27-08-2015 02:34:14 Windows Update
    30-08-2015 20:11:06 Windows Update
    02-09-2015 22:17:52 Windows Update
    05-09-2015 22:40:03 Windows Update
    10-09-2015 04:49:31 Installed HP Support Solutions Framework
    11-09-2015 06:12:01 Windows Update
    12-09-2015 06:53:21 Windows Update
    12-09-2015 22:04:08 Windows Update
    10-10-2015 03:00:26 Windows Update
    16-10-2015 19:31:47 Windows Update
    16-10-2015 20:44:03 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:04 - 2015-09-05 05:47 - 00000856 ____A C:\windows\system32\Drivers\etc\hosts

    0.0.0.1 mssplus.mcafee.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {09F9BB43-C131-4348-ABF8-228764037044} - System32\Tasks\HPCustParticipation HP Officejet 2620 series => C:\Program Files\HP\HP Officejet 2620 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {14778DB2-A681-49C3-9DA7-771A099ECE53} - System32\Tasks\SUPERAntiSpyware Scheduled Task b466f65d-0fc2-4ebb-9bab-ebb31b8e3a2c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
    Task: {20FA3266-4554-46C6-A516-9F3B20891BE3} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-11-15] ()
    Task: {3E9CF7AF-8153-4140-8D1B-1180260398EC} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-04] (TOSHIBA CORPORATION)
    Task: {403FD8B6-0787-4059-85FA-A34413553F27} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {5DE573A1-1CAA-4964-9F5C-9ED5A2961B3A} - System32\Tasks\UpdaterEX => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {69978357-546D-4810-9C32-0A834387CE4A} - System32\Tasks\{16E92135-B972-452B-B547-7DC43CEA72DE} => pcalua.exe -a C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Task: {75F8D540-7ECF-4922-8037-EF26D0422E62} - System32\Tasks\SUPERAntiSpyware Scheduled Task 54450b28-9715-4430-bfba-acf72fb9621b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
    Task: {99622272-3098-48FF-BC63-1775F1D3AE78} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
    Task: {C965B6A2-9AEA-4FB8-8E39-F681A18494EF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)
    Task: {D4DDA2E4-13CF-4615-9D1B-C578C3273621} - System32\Tasks\{EFCEEB2A-48CF-471E-BEB5-DE87BD86650B} => pcalua.exe -a C:\Users\IVANPE~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
    Task: {ED48E305-4544-4081-9BBF-AFB2F2E93300} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 54450b28-9715-4430-bfba-acf72fb9621b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task b466f65d-0fc2-4ebb-9bab-ebb31b8e3a2c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-06-11 07:00 - 2015-06-11 07:00 - 00055992 _____ () C:\Windows\System32\Codecs\UpdateChecker.exe
    2015-10-22 21:49 - 2015-10-22 21:49 - 00011264 _____ () C:\Users\Ivan Perkovic\AppData\Local\Temp\nsa99E0.tmp\System.dll
    2014-12-21 13:07 - 2014-12-21 13:07 - 00208415 _____ () C:\Windows\System32\Codecs\TrayMenu.exe
    2013-04-19 11:37 - 2010-08-26 18:48 - 00285152 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    2013-04-19 11:37 - 2010-10-28 12:37 - 00368640 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
    2011-07-09 06:25 - 2011-06-16 08:55 - 00925696 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
    2010-02-06 11:40 - 2010-02-06 11:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan Perkovic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan Perkovic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 10.0.0.138
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E30AB184-B136-4F1B-BE87-46F2EB56C6A2}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{E970C12F-5400-44C8-ADC5-DEC1DADA7721}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{632D2E66-A9AE-41A5-B690-A2D49CE42637}] => (Allow) svchost.exe
    FirewallRules: [{6598AB93-0872-41E1-A252-9B7DA2B594F1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{0F7302FF-49C8-4165-8733-060F390F9BA9}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{2E475038-75FF-48C7-BFA8-DDAE241E833D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{9F5BCFE2-1D2D-4DCE-986E-42CCBA5AA1B0}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{AB812FEC-F31C-4045-8C3B-F36EEF17A124}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{EECFD12C-8C78-4D4B-BC58-A1C242ED56C1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{C47D8E6E-6602-4606-B75F-9F22F6B1CE55}] => (Allow) C:\Program Files\HP\HP Officejet 2620 series\bin\FaxApplications.exe
    FirewallRules: [{0F7E3F4B-408F-49B7-88B7-713D1FED9FCA}] => (Allow) C:\Program Files\HP\HP Officejet 2620 series\bin\DigitalWizards.exe
    FirewallRules: [{5EFC74EB-7882-4169-A712-32345CBF874B}] => (Allow) C:\Program Files\HP\HP Officejet 2620 series\bin\SendAFax.exe
    FirewallRules: [{0AB60A3A-FE96-40AB-8E93-9CF4902A252D}] => (Allow) C:\Program Files\HP\HP Officejet 2620 series\Bin\USBSetup.exe
    FirewallRules: [{DE4DE50D-7199-4156-AAF2-AEE099BF6F93}] => (Allow) C:\Program Files\HP\HP Officejet 2620 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{7F11A14B-274B-4B02-8DCB-0AA26DCE0BBB}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{C06E07B0-F32F-470A-8201-8EE4C26F2B9E}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{67F1C337-91E5-4FEC-82E2-D16F29482576}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{BBD1E8A6-ECEB-4DFD-84C9-F337A586F4AE}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{204D16F5-C509-4501-85AD-F87621CB0144}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{545E3833-D8F8-412E-B50B-3879267B6329}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{0CED8DE5-5B23-4643-8AAF-6C3379607570}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    FirewallRules: [{A44ADF81-8ECD-46DE-8D0D-099E195CB7B8}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    FirewallRules: [{C35C82AF-4895-4753-8B6A-3B8AE4BB44FD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{3CD243F7-FE7F-4030-B610-6F682B41CDBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A2A96C8E-81DE-4BD5-AE8A-5791C20A261B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/22/2015 09:54:17 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
    Description: TSS Load: could not communicate with TMachInfo service

    Error: (10/20/2015 11:30:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: McSACore.exe, version: 4.0.1.167, time stamp: 0x5601dab8
    Faulting module name: saupkeep.dll_unloaded, version: 0.0.0.0, time stamp: 0x5601da8b
    Exception code: 0xc0000005
    Fault offset: 0x5e3526f1
    Faulting process id: 0xb3c
    Faulting application start time: 0xMcSACore.exe0
    Faulting application path: McSACore.exe1
    Faulting module path: McSACore.exe2
    Report Id: McSACore.exe3

    Error: (10/18/2015 10:22:00 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
    Description: TSS Load: could not communicate with TMachInfo service

    Error: (10/18/2015 06:18:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/18/2015 06:18:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/17/2015 12:01:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/17/2015 12:01:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/17/2015 10:51:15 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
    Description: TSS Load: could not communicate with TMachInfo service

    Error: (10/11/2015 04:03:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/11/2015 04:03:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    System errors:
    =============
    Error: (10/22/2015 09:53:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee CSP Service service failed to start due to the following error:
    %%1053

    Error: (10/22/2015 09:53:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

    Error: (10/22/2015 09:52:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (10/22/2015 09:49:21 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:03:28 AM on ‎21/‎10/‎2015 was unexpected.

    Error: (10/21/2015 02:08:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (10/20/2015 09:08:04 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:33:25 PM on ‎18/‎10/‎2015 was unexpected.

    Error: (10/18/2015 10:20:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (10/17/2015 02:53:53 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

    Error: (10/17/2015 12:43:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (10/17/2015 10:52:05 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 71%
    Total physical RAM: 1912.88 MB
    Available physical RAM: 553.1 MB
    Total Virtual: 3825.77 MB
    Available Virtual: 2000.14 MB

    ==================== Drives ================================

    Drive c: (S3A9605D003) (Fixed) (Total:455.09 GB) (Free:382.04 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: FB30DE7C)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=455.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9.2 GB) - (Type=17)

    ==================== End of Addition.txt ============================

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Read all the instructions then proceed...

    Please uninstall this adware program if found
    • ContinueToSave 1.74


    Next
    A few items to fix. ***You need to save this fix here====>C:\Users\Ivan Perkovic\Downloads
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\Lavasoft\Web Companion
    C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1
    HKLM\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Winsock: Catalog9 01 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-22] (Oracle Corporation)
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll => No File
    [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-08-27] (Lavasoft Limited)
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
    Task: {5DE573A1-1CAA-4964-9F5C-9ED5A2961B3A} - System32\Tasks\UpdaterEX => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {69978357-546D-4810-9C32-0A834387CE4A} - System32\Tasks\{16E92135-B972-452B-B547-7DC43CEA72DE} => pcalua.exe -a C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Task: {D4DDA2E4-13CF-4615-9D1B-C578C3273621} - System32\Tasks\{EFCEEB2A-48CF-471E-BEB5-DE87BD86650B} => pcalua.exe -a C:\Users\IVANPE~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
    Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [{7F11A14B-274B-4B02-8DCB-0AA26DCE0BBB}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{C06E07B0-F32F-470A-8201-8EE4C26F2B9E}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{67F1C337-91E5-4FEC-82E2-D16F29482576}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{BBD1E8A6-ECEB-4DFD-84C9-F337A586F4AE}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{204D16F5-C509-4501-85AD-F87621CB0144}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{545E3833-D8F8-412E-B50B-3879267B6329}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{0CED8DE5-5B23-4643-8AAF-6C3379607570}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    FirewallRules: [{A44ADF81-8ECD-46DE-8D0D-099E195CB7B8}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state off
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your C:\Users\Ivan Perkovic\Downloads (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log here==> C:\Users\Ivan Perkovic\Downloads (Fixlog.txt). Please post it to your reply.


    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at "C"


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;

    • Fixlog.txt
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log


    Thanks
    Joe
    Last edited by zep516; 10-22-2015 at 11:27 PM. Reason: Fix adjustments

  5. #5
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default

    hi, l have copied the logs as requested,thanks for your time, Ivan.

    Fix result of Farbar Recovery Scan Tool (x86) Version:21-10-2015 01
    Ran by Ivan Perkovic (2015-10-23 19:58:12) Run:1
    Running from C:\Users\Ivan Perkovic\Downloads
    Loaded Profiles: Ivan Perkovic (Available Profiles: Ivan Perkovic)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\Lavasoft\Web Companion
    C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1
    HKLM\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Winsock: Catalog9 01 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\windows\system32\LavasoftTcpService.dll [345360 2015-08-27] (Lavasoft Limited)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
    SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {49B27329-3146-45BE-8169-47840906A6E5} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=C011AU0D19700101&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-22] (Oracle Corporation)
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll => No File
    [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-08-27] (Lavasoft Limited)
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
    Task: {5DE573A1-1CAA-4964-9F5C-9ED5A2961B3A} - System32\Tasks\UpdaterEX => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {69978357-546D-4810-9C32-0A834387CE4A} - System32\Tasks\{16E92135-B972-452B-B547-7DC43CEA72DE} => pcalua.exe -a C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Task: {D4DDA2E4-13CF-4615-9D1B-C578C3273621} - System32\Tasks\{EFCEEB2A-48CF-471E-BEB5-DE87BD86650B} => pcalua.exe -a C:\Users\IVANPE~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
    Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [{7F11A14B-274B-4B02-8DCB-0AA26DCE0BBB}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{C06E07B0-F32F-470A-8201-8EE4C26F2B9E}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS176A\HPDiagnosticCoreUI.exe
    FirewallRules: [{67F1C337-91E5-4FEC-82E2-D16F29482576}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{BBD1E8A6-ECEB-4DFD-84C9-F337A586F4AE}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1D26\HPDiagnosticCoreUI.exe
    FirewallRules: [{204D16F5-C509-4501-85AD-F87621CB0144}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{545E3833-D8F8-412E-B50B-3879267B6329}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS1E21\HPDiagnosticCoreUI.exe
    FirewallRules: [{0CED8DE5-5B23-4643-8AAF-6C3379607570}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    FirewallRules: [{A44ADF81-8ECD-46DE-8D0D-099E195CB7B8}] => (Allow) C:\Users\Ivan Perkovic\AppData\Local\Temp\7zS3E81\HPDiagnosticCoreUI.exe
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state off
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Program Files\Lavasoft\Web Companion => moved successfully
    "C:\Users\IVANPE~1\AppData\Roaming\UPDATE~1\UPDATE~1" => not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}" => key removed successfully.
    HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => key not found.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49B27329-3146-45BE-8169-47840906A6E5}" => key removed successfully.
    HKCR\CLSID\{49B27329-3146-45BE-8169-47840906A6E5} => key not found.
    "HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}" => key removed successfully.
    HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => key not found.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49B27329-3146-45BE-8169-47840906A6E5} => key not found.
    HKCR\CLSID\{49B27329-3146-45BE-8169-47840906A6E5} => key not found.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => key not found.
    HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
    "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully.
    "HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully.
    [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION => Error: No automatic fix found for this entry.
    hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION => Error: No automatic fix found for this entry.
    LavasoftTcpService => Unable to stop service.
    LavasoftTcpService => service removed successfully.
    massfilter => service removed successfully.
    ZTEusbmdm6k => service removed successfully.
    ZTEusbnet => service removed successfully.
    ZTEusbnmea => service removed successfully.
    ZTEusbser6k => service removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}\\SystemComponent => value removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE573A1-1CAA-4964-9F5C-9ED5A2961B3A}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE573A1-1CAA-4964-9F5C-9ED5A2961B3A}" => key removed successfully.
    C:\Windows\System32\Tasks\UpdaterEX => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69978357-546D-4810-9C32-0A834387CE4A}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69978357-546D-4810-9C32-0A834387CE4A}" => key removed successfully.
    C:\Windows\System32\Tasks\{16E92135-B972-452B-B547-7DC43CEA72DE} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16E92135-B972-452B-B547-7DC43CEA72DE}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4DDA2E4-13CF-4615-9D1B-C578C3273621}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4DDA2E4-13CF-4615-9D1B-C578C3273621}" => key removed successfully.
    C:\Windows\System32\Tasks\{EFCEEB2A-48CF-471E-BEB5-DE87BD86650B} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EFCEEB2A-48CF-471E-BEB5-DE87BD86650B}" => key removed successfully.
    C:\windows\Tasks\UpdaterEX.job => moved successfully
    "HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F11A14B-274B-4B02-8DCB-0AA26DCE0BBB} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C06E07B0-F32F-470A-8201-8EE4C26F2B9E} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67F1C337-91E5-4FEC-82E2-D16F29482576} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBD1E8A6-ECEB-4DFD-84C9-F337A586F4AE} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{204D16F5-C509-4501-85AD-F87621CB0144} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{545E3833-D8F8-412E-B50B-3879267B6329} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CED8DE5-5B23-4643-8AAF-6C3379607570} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A44ADF81-8ECD-46DE-8D0D-099E195CB7B8} => value removed successfully.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    {1B13813A-9EA5-4432-837E-732EF31BD8A9} canceled.
    {D6770340-0813-4871-83D2-CC0108D3FDD8} canceled.
    {0A0AEC51-AB76-476C-A9BC-8F7525582253} canceled.
    {BCC70871-7813-483F-8330-55F655E170EF} canceled.
    {5DAB9B24-26F9-45E4-852F-4A30F2F2D18E} canceled.
    5 out of 5 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========

    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state off =========

    Ok.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
    HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.

    # AdwCleaner v5.014 - Logfile created 23/10/2015 at 20:28:30
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x86)
    # Username : Ivan Perkovic - IVANPERKOVIC
    # Running from : C:\Users\Ivan Perkovic\Downloads\adwcleaner_5.014.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib

    ***** [ Services ] *****

    [-] Service Deleted : swdumon

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\driverupdate
    [-] Folder Deleted : C:\Program Files\SalaePlus
    [-] Folder Deleted : C:\Program Files\SalePPlus
    [-] Folder Deleted : C:\ProgramData\StarApp
    [-] Folder Deleted : C:\ProgramData\{2fdc9b27-d702-36b8-2fdc-c9b27d706c9f}
    [-] Folder Deleted : C:\ProgramData\{9a9dfee7-3e3a-1548-9a9d-dfee73e3fb9c}
    [-] Folder Deleted : C:\Users\Ivan Perkovic\AppData\LocalLow\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\Ivan Perkovic\AppData\Roaming\pccustubinstaller
    [-] Folder Deleted : C:\Users\Public\Documents\iWin
    [-] Folder Deleted : C:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Companion

    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
    [-] File Deleted : C:\Users\Ivan Perkovic\AppData\Roaming\Mozilla\Firefox\Profiles\98z8mocq.default-1413537364009\user.js
    [-] File Deleted : C:\windows\Reimage.ini
    [-] File Deleted : C:\windows\system32\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]
    [-] Key Deleted : HKLM\SOFTWARE\e1f9e407-42da-4dea-554e-4f1c57968e1c
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\eSupport.com
    [-] Key Deleted : HKCU\Software\torch
    [-] Key Deleted : HKCU\Software\UpdaterEX
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key Deleted : HKLM\SOFTWARE\torch
    [-] Key Deleted : HKLM\SOFTWARE\Reimage
    [-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    [!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
    [!] Key Not Deleted : HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\AppDataLow\Software\Yahoo\Companion
    [!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion

    ***** [ Web browsers ] *****

    [-] [C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : WebSearch

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4141 bytes] ##########

    # AdwCleaner v5.014 - Logfile created 23/10/2015 at 20:28:30
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x86)
    # Username : Ivan Perkovic - IVANPERKOVIC
    # Running from : C:\Users\Ivan Perkovic\Downloads\adwcleaner_5.014.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib

    ***** [ Services ] *****

    [-] Service Deleted : swdumon

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\driverupdate
    [-] Folder Deleted : C:\Program Files\SalaePlus
    [-] Folder Deleted : C:\Program Files\SalePPlus
    [-] Folder Deleted : C:\ProgramData\StarApp
    [-] Folder Deleted : C:\ProgramData\{2fdc9b27-d702-36b8-2fdc-c9b27d706c9f}
    [-] Folder Deleted : C:\ProgramData\{9a9dfee7-3e3a-1548-9a9d-dfee73e3fb9c}
    [-] Folder Deleted : C:\Users\Ivan Perkovic\AppData\LocalLow\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\Ivan Perkovic\AppData\Roaming\pccustubinstaller
    [-] Folder Deleted : C:\Users\Public\Documents\iWin
    [-] Folder Deleted : C:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Companion

    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
    [-] File Deleted : C:\Users\Ivan Perkovic\AppData\Roaming\Mozilla\Firefox\Profiles\98z8mocq.default-1413537364009\user.js
    [-] File Deleted : C:\windows\Reimage.ini
    [-] File Deleted : C:\windows\system32\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]
    [-] Key Deleted : HKLM\SOFTWARE\e1f9e407-42da-4dea-554e-4f1c57968e1c
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\eSupport.com
    [-] Key Deleted : HKCU\Software\torch
    [-] Key Deleted : HKCU\Software\UpdaterEX
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key Deleted : HKLM\SOFTWARE\torch
    [-] Key Deleted : HKLM\SOFTWARE\Reimage
    [-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    [!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
    [!] Key Not Deleted : HKU\S-1-5-21-1665181541-3691941792-4024951107-1000\Software\AppDataLow\Software\Yahoo\Companion
    [!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion

    ***** [ Web browsers ] *****

    [-] [C:\Users\Ivan Perkovic\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : WebSearch

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4141 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 7 Home Premium x86
    Ran by Ivan Perkovic on Fri 23/10/2015 at 21:04:40.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\windows\System32\codecs\updatechecker.exe



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
    Successfully deleted: [Folder] C:\Users\Ivan Perkovic\AppData\Roaming\lavasoft\web companion
    Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
    Successfully deleted: [Folder] C:\ProgramData\alkobejbjknnocddfkdfbdnmedpgkfde
    Successfully deleted: [Folder] C:\ProgramData\gdfjpopbilfhbfhoebldbnpgafjjkcfj



    ~~~ FireFox

    Emptied folder: C:\Users\Ivan Perkovic\AppData\Roaming\mozilla\firefox\profiles\amlircjg.default-1441975581029\minidumps [3 files]



    ~~~ Chrome


    [C:\Users\Ivan Perkovic\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Ivan Perkovic\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Ivan Perkovic\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Ivan Perkovic\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 23/10/2015 at 21:18:14.02
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default

    hi, there was one more log that came up, not sure if its needed, thanks Ivan

    # AdwCleaner v5.014 - Logfile created 23/10/2015 at 20:23:54
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x86)
    # Username : Ivan Perkovic - IVANPERKOVIC
    # Running from : C:\Users\Ivan Perkovic\Downloads\adwcleaner_5.014.exe
    # Option : Scan
    # Support : Forum - ToolsLib

    ***** [ Services ] *****

    Service Found : swdumon

    ***** [ Folders ] *****

    Folder Found : C:\Program Files\driverupdate
    Folder Found : C:\Program Files\SalaePlus
    Folder Found : C:\Program Files\SalePPlus
    Folder Found : C:\ProgramData\StarApp
    Folder Found : C:\ProgramData\{2fdc9b27-d702-36b8-2fdc-c9b27d706c9f}
    Folder Found : C:\ProgramData\{9a9dfee7-3e3a-1548-9a9d-dfee73e3fb9c}
    Folder Found : C:\Users\Ivan Perkovic\AppData\LocalLow\Yahoo!\Companion
    Folder Found : C:\Users\Ivan Perkovic\AppData\Roaming\pccustubinstaller
    Folder Found : C:\Users\Public\Documents\iWin
    Folder Found : C:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Companion

    ***** [ Files ] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
    File Found : C:\Users\Ivan Perkovic\AppData\Roaming\Mozilla\Firefox\Profiles\98z8mocq.default-1413537364009\user.js
    File Found : C:\windows\Reimage.ini
    File Found : C:\windows\system32\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Tell me how the computer is, is it any better ? We may have to reset browsers, but I'll need to know what browsers you use.

    ESET Scan is next and it can take forever, start the scan and do something else.....

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    Next

    Download Security Check by screen317 from http://rocketgrannie.spywareinfoforu...urityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

    Next reply to me I need;
    • ESET Scan results.
    • Checkup.txt
    • Tell me how the computer is and what browser may still be having issues.


    Thanks
    Joe

  8. #8
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default

    hi there, the internet browser im using is Mozilla Firefox. I have copied the logs as requested. The computer is alot better, doesnt freeze up as much,only time where it hangs, when you initially open up internet browser, takes little while to open, after that works pretty good. thanks for your time, much appreciated, let me know if l need to do anything else.

    C:\Program Files\ContinueToSave\sprotector.dll a variant of Win32/SProtector.A application
    C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe Win32/GenUpdater application
    C:\ProgramData\conotiNuetosave\519fa87704de1.dll a variant of Win32/Adware.MultiPlug.I application
    C:\Users\All Users\BetterSoft\OptimizerPro\OptimizerPro.exe Win32/GenUpdater application
    C:\Users\All Users\conotiNuetosave\519fa87704de1.dll a variant of Win32/Adware.MultiPlug.I application
    C:\Users\Ivan Perkovic\AppData\Local\Temp\ImproveSpeedPC\PIPAskToolbar\PIP26121_BCPA_.exe a variant of Win32/Bundled.Toolbar.Ask.C application
    C:\Windows\Temp\OptimizerPro.exe multiple threats


    Results of screen317's Security Check version 1.011 --- 10/21/15
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Java 8 Update 51
    Java version 32-bit out of Date!
    Adobe Flash Player 19.0.0.226
    Adobe Reader XI
    Mozilla Firefox (41.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    It's best to reset the browsers these days with so much adware attacking them.

    How to reset Firefox;

    • Click the menu button and then click help .
    • From the Help menu choose Troubleshooting Information. ...
    • Click the Reset Firefox… button in the upper-right corner of the
    • Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.


    Note
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

    Next
    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\ContinueToSave\sprotector.dll 
    C:\ProgramData\BetterSoft\OptimizerPro
    C:\ProgramData\conotiNuetosave\519fa87704de1.dll
    C:\Users\All Users\conotiNuetosave\519fa87704de1.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\ImproveSpeedPC\PIPAskToolbar
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Post the fixlog next reply.

    Thanks
    Joe

  10. #10
    Member
    Join Date
    Oct 2015
    Posts
    9
    Points
    0

    Default

    Hi Joe, i have copied the log requested, thanks Ivan

    Fix result of Farbar Recovery Scan Tool (x86) Version:21-10-2015 01
    Ran by Ivan Perkovic (2015-10-25 06:05:40) Run:2
    Running from C:\Users\Ivan Perkovic\Desktop
    Loaded Profiles: Ivan Perkovic & (Available Profiles: Ivan Perkovic)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\ContinueToSave\sprotector.dll
    C:\ProgramData\BetterSoft\OptimizerPro
    C:\ProgramData\conotiNuetosave\519fa87704de1.dll
    C:\Users\All Users\conotiNuetosave\519fa87704de1.dll
    C:\Users\Ivan Perkovic\AppData\Local\Temp\ImproveSpeedPC\PIPAskToolbar
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "C:\Program Files\ContinueToSave\sprotector.dll" => not found.
    "C:\ProgramData\BetterSoft\OptimizerPro" => not found.
    "C:\ProgramData\conotiNuetosave\519fa87704de1.dll" => not found.
    "C:\Users\All Users\conotiNuetosave\519fa87704de1.dll" => not found.
    "C:\Users\Ivan Perkovic\AppData\Local\Temp\ImproveSpeedPC\PIPAskToolbar" => not found.
    EmptyTemp: => 4.1 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 06:11:46 ====

Page 1 of 2 12 LastLast