Infected need help please

girlievapes · June 6, 2014

Noticed this infection today. I've completed the fixes through RogueKiller, where you state 'don't fix anything'. All logs are attached. I appreciate your help =)

AdwCleanerS3.txt

Fixlog.txt

JRT.txt

mbam-log-2014-06-06 (14-06-21).txt

RKreport_SCN_06062014_142323.log

girlievapes · June 7, 2014

I apologize for forgetting the forum rules - I should have posted this as a 'new post' - this is the Google re-direct problem that some of you have been experiencing. Hope this generates some replies now that I've clarified my issue =)

AdvancedSetup · June 10, 2014

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
If the log is too large then you can use attachments by clicking on the More Reply Options button.
Please enable your system to show hidden files: How to see hidden files in Windows
Make sure you're subscribed to this topic:
- Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
[*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

On Windows XP double-click on the Rkill desktop icon to run the tool.
On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
- Note: the default location is C:\Windows\ERDNT which is acceptable.
[*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

RogueKiller 32-bit | RogueKiller 64-bit
Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.

Thank you

girlievapes · June 12, 2014

I'm sorry for the delay in responding. I was in the process of moving out of state. I am now in my new place and hope you will continue to help me.

girlievapes · June 13, 2014

Regarding your instruction:

NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.

There is not a choice - it forces me to create a startup folder entry. There is no 'click no' option. Please advise, thank you.

girlievapes · June 13, 2014

Nevermind, I'm a dork.

I'm continuing on....

girlievapes · June 13, 2014

*****************MBAM Log **************************

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.06.12.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17107

Theresa :: THERESA-PC [administrator]

6/12/2014 7:59:16 PM

mbam-log-2014-06-12 (19-59-16).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 273253

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

***********ROGUEKILLER Log**********************

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Theresa [Admin rights]

Mode : Scan -- Date : 06/12/2014 20:15:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-444181680-736773822-1463581120-

1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools :

0 -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-444181680-736773822-1463581120-

1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0

-> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-444181680-736773822-1463581120-

1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools :

0 -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-444181680-736773822-1463581120-

1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0

-> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} :

1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 ->

FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} :

1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 ->

FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-

A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5

-5595fe6b30ee} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-

A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5

-5595fe6b30ee} : 1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1

-> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-444181680-736773822-

1463581120-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1

-> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤

[suspicious.Path] \\{FBD8B51C-5373-4BB0-AAC9-3D7497E4C63E} -- C:\windows

\system32\pcalua.exe (-a C:\Users\Theresa\Desktop\TDJC-Jobs\pers-283.exe -d C:

\Users\Theresa\Desktop\TDJC-Jobs) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤

[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++

--- User ---

[MBR] 1ee20d535b1e7800a6d73fea7203fa8b

[bSP] 1a2c85987c3c69810d3b09eb7457e8e5 : Unknown MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463820 MB

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952977408 | Size: 11619 MB

User = LL1 ... OK

User = LL2 ... OK

+++++ PhysicalDrive1: O2Micro SD +++++

--- User ---

[MBR] 83b42057fb3fd1d945874c9bf1406a5b

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code

Partition table:

0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3777 MB

User = LL1 ... OK

Error reading LL2 MBR! ([1] Incorrect function. )

============================================

RKreport_SCN_06062014_142323.log

AdvancedSetup · June 13, 2014

Thanks for the logs.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

girlievapes · June 13, 2014

****************JRT Log****************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Theresa on Fri 06/13/2014 at 10:34:02.24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 06/13/2014 at 10:43:38.35

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*****************ADW Log************************

# AdwCleaner v3.212 - Report created 13/06/2014 at 10:58:13

# Updated 05/06/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Theresa - THERESA-PC

# Running from : C:\Users\Theresa\Desktop\AdwCleaner (2).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\8f84e1uk.default-1397923688806\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8622 octets] - [02/10/2013 09:10:43]

AdwCleaner[R1].txt - [5814 octets] - [13/12/2013 15:25:34]

AdwCleaner[R2].txt - [1231 octets] - [04/02/2014 12:38:18]

AdwCleaner[R3].txt - [1493 octets] - [06/06/2014 13:45:05]

AdwCleaner[R4].txt - [1395 octets] - [13/06/2014 10:56:16]

AdwCleaner[s0].txt - [8710 octets] - [02/10/2013 09:15:15]

AdwCleaner[s1].txt - [5884 octets] - [13/12/2013 15:27:19]

AdwCleaner[s2].txt - [1253 octets] - [04/02/2014 12:42:01]

AdwCleaner[s3].txt - [1560 octets] - [06/06/2014 13:46:40]

AdwCleaner[s4].txt - [1316 octets] - [13/06/2014 10:58:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1376 octets] ##########

girlievapes · June 13, 2014

*************MBAM Log******************

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.06.13.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17107

Theresa :: THERESA-PC [administrator]

6/13/2014 11:09:57 AM

mbam-log-2014-06-13 (11-09-57).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 273344

Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

girlievapes · June 13, 2014

**********************ESET Log*************************

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit potentially unwanted application

C:\Users\Theresa\Downloads\audioextractor.exe Win32/InstallMonetizer.AU potentially unwanted application

C:\Users\Theresa\Downloads\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Users\Theresa\Downloads\freeripmp3-setup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

C:\Users\Theresa\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

C:\Users\Theresa\Downloads\m4a-to-mp3-converter (1).exe Win32/Somoto.E potentially unwanted application

C:\Users\Theresa\Downloads\m4a-to-mp3-converter-cnet.exe Win32/Somoto.E potentially unwanted application

C:\Users\Theresa\Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

girlievapes · June 13, 2014

*****************FRST Log************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02

Ran by Theresa (administrator) on THERESA-PC on 13-06-2014 12:30:12

Running from C:\Users\Theresa\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)

HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1037728 2010-07-21] (TOSHIBA Corporation.)

HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3890208 2014-06-06] (AVAST Software)

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-444181680-736773822-1463581120-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC5703D9CE21CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {90887BE0-FCA7-4CF6-9614-3011D18BF001} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {90887BE0-FCA7-4CF6-9614-3011D18BF001} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {6053ADC7-0F80-4098-B639-DAEA00AF6785} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKCU - {90887BE0-FCA7-4CF6-9614-3011D18BF001} URL =

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\8f84e1uk.default-1397923688806

FF SearchEngineOrder.1: Yahoo! (Avast)

FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbcl

FF Keyword.URL: hxxp://us.yhs4.search.yahoo.com/yhs/search

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Theresa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Theresa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\8f84e1uk.default-1397923688806\searchplugins\yahoo-avast.xml

FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-01]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-13]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-01]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-13]

Chrome:

=======

CHR HomePage: https://www.yahoo.com?fr=hp-avast&type=avastbcl

CHR StartupUrls: "hxxp://www.google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Theresa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File

CHR Extension: (Google Translate) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2012-05-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-15]

CHR Extension: (Google Search) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-15]

CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-05-09]

CHR Extension: (AdBlock) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-30]

CHR Extension: (avast! Online Security) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-15]

CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-05-30]

CHR Extension: (Google Wallet) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-15]

CHR HKCU\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Theresa\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2012-04-15]

CHR HKCU\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Theresa\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx [2012-04-15]

CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Theresa\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2012-04-15]

CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Theresa\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx [2012-04-15]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-04-17]

CHR HKLM-x32\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - C:\Program Files (x86)\AP Suggestor\APSuggestor.crx [2014-04-17]

CHR StartMenuInternet: Google Chrome - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-17] (AVAST Software)

R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [109048 2014-04-17] (AVAST Software)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-01-30] (Macrovision Europe Ltd.) [File not signed]

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-09-30] (Intuit) [File not signed]

S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-09-17] () [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)

S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-17] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-03-25] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-17] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-17] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-17] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-17] ()

R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-09-03] (AVG Technologies)

R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 Tosrfcom; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-13 12:30 - 2014-06-13 12:30 - 00026853 _____ () C:\Users\Theresa\Desktop\FRST.txt

2014-06-13 12:30 - 2014-06-13 12:30 - 00000000 ____D () C:\Users\Theresa\Desktop\FRST-OlderVersion

2014-06-13 12:26 - 2014-06-13 12:26 - 00000949 _____ () C:\Users\Theresa\Desktop\eset-threatsfound.txt

2014-06-13 11:19 - 2014-06-13 11:19 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-13 11:18 - 2014-06-13 11:18 - 02347384 _____ (ESET) C:\Users\Theresa\Downloads\esetsmartinstaller_enu.exe

2014-06-13 11:07 - 2014-06-13 11:07 - 00001456 _____ () C:\Users\Theresa\Desktop\AdwCleaner[s4].txt

2014-06-13 10:50 - 2014-06-13 10:54 - 01016261 _____ (Thisisu) C:\Users\Theresa\Downloads\JRT (2).exe

2014-06-13 10:43 - 2014-06-13 10:43 - 00000698 _____ () C:\Users\Theresa\Desktop\JRT.txt

2014-06-12 20:16 - 2014-06-12 20:16 - 00004773 _____ () C:\Users\Theresa\Desktop\RKreport_SCN_06122014_201505.log

2014-06-12 19:15 - 2014-06-12 19:16 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-06-12 19:15 - 2014-06-12 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-06-12 19:05 - 2014-06-12 19:08 - 00791393 _____ (Lars Hederer ) C:\Users\Theresa\Downloads\erunt-setup.exe

2014-06-12 18:59 - 2014-06-12 19:01 - 00791393 _____ (Lars Hederer ) C:\Users\Theresa\Desktop\erunt-setup.exe

2014-06-12 18:56 - 2014-06-12 18:58 - 00002122 _____ () C:\Users\Theresa\Desktop\Rkill.txt

2014-06-12 18:49 - 2014-06-12 18:55 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Theresa\Desktop\rkill.exe

2014-06-06 14:18 - 2014-06-06 14:18 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-06-06 14:14 - 2014-06-06 14:15 - 04686336 _____ () C:\Users\Theresa\Desktop\RogueKiller.exe

2014-06-06 13:51 - 2014-06-06 13:52 - 01016261 _____ (Thisisu) C:\Users\Theresa\Downloads\JRT (1).exe

2014-06-06 13:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

2014-06-06 13:43 - 2014-06-13 12:30 - 00000000 ____D () C:\FRST

2014-06-06 13:42 - 2014-06-06 13:42 - 01333465 _____ () C:\Users\Theresa\Desktop\AdwCleaner (2).exe

2014-06-06 13:40 - 2014-06-13 12:30 - 02081792 _____ (Farbar) C:\Users\Theresa\Desktop\FRST64.exe

2014-06-06 10:29 - 2014-06-06 10:29 - 00002259 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2014-06-06 10:29 - 2014-06-06 10:29 - 00001191 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk

2014-06-06 10:29 - 2014-06-06 10:29 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-06-06 10:29 - 2014-06-06 10:29 - 00000000 ____D () C:\Program Files\HP

2014-06-06 10:29 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPM5412.dll

2014-06-06 10:15 - 2014-06-06 10:27 - 122662720 _____ () C:\Users\Theresa\Downloads\OJ6500_E710n-z_1315.exe

2014-05-30 12:49 - 2014-05-30 12:49 - 00016040 _____ () C:\Users\Theresa\Downloads\AccountHistory.ofx

2014-05-30 12:45 - 2014-05-30 12:45 - 00031460 _____ () C:\Users\Theresa\Downloads\AccountHistory.xls

2014-05-26 13:25 - 2009-08-20 00:50 - 00024416 ____R (Adobe Systems Inc.) C:\windows\system32\AdobePDFUI.dll

2014-05-24 09:31 - 2014-05-24 09:31 - 00000000 ____D () C:\windows\pss

2014-05-23 20:26 - 2014-05-23 21:34 - 00004056 _____ () C:\Users\Theresa\Desktop\additional-roku-channels-info.txt

2014-05-22 16:24 - 2014-05-22 16:25 - 00000000 ____D () C:\Users\Theresa\DESIGNER-THINGS-I-WANT

2014-05-19 10:29 - 2014-05-19 10:53 - 00000000 ____D () C:\Users\Theresa\Desktop\ebay-sample

2014-05-18 20:34 - 2014-05-18 20:35 - 00064890 _____ () C:\Users\Theresa\design-by-pixelchick.psd

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files\iTunes

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files\iPod

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-05-16 16:54 - 2014-05-22 16:24 - 00000000 ____D () C:\Users\Theresa\Documents\DIVORCE

2014-05-16 15:42 - 2014-05-16 15:42 - 00001086 _____ () C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

2014-05-16 15:42 - 2014-05-16 15:42 - 00000000 ____D () C:\Users\Theresa\AppData\Local\join.me

2014-05-16 15:17 - 2014-05-16 15:17 - 00001191 _____ () C:\Users\Theresa\Desktop\aquamarine-descrip.txt

2014-05-15 21:21 - 2014-05-15 21:22 - 00000000 ____D () C:\Users\Theresa\Documents\My Signature

2014-05-15 08:55 - 2014-05-15 08:55 - 00000000 ____D () C:\Users\Theresa\Desktop\COUPON-CODES

2014-05-14 08:49 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-14 08:49 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-14 08:49 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-14 08:49 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-14 08:49 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-14 08:49 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-14 08:44 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2014-05-14 08:44 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2014-05-14 08:44 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-05-14 08:44 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2014-05-14 08:44 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2014-05-14 08:44 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2014-05-14 08:44 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2014-05-14 08:44 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-05-14 08:44 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-05-14 08:44 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2014-05-14 08:44 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-05-14 08:44 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-05-14 08:44 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll

2014-05-14 08:44 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-05-14 08:44 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2014-05-14 08:44 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2014-05-14 08:44 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll

2014-05-14 08:44 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-05-14 08:44 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2014-05-14 08:43 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-14 08:43 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-14 08:43 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2014-05-14 08:43 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-13 12:30 - 2014-06-13 12:30 - 00026853 _____ () C:\Users\Theresa\Desktop\FRST.txt

2014-06-13 12:30 - 2014-06-13 12:30 - 00000000 ____D () C:\Users\Theresa\Desktop\FRST-OlderVersion

2014-06-13 12:30 - 2014-06-06 13:43 - 00000000 ____D () C:\FRST

2014-06-13 12:30 - 2014-06-06 13:40 - 02081792 _____ (Farbar) C:\Users\Theresa\Desktop\FRST64.exe

2014-06-13 12:30 - 2011-01-30 10:05 - 00000000 ____D () C:\Users\Theresa\AppData\Local\Temp

2014-06-13 12:26 - 2014-06-13 12:26 - 00000949 _____ () C:\Users\Theresa\Desktop\eset-threatsfound.txt

2014-06-13 12:20 - 2012-04-15 09:46 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001UA.job

2014-06-13 11:35 - 2012-08-02 17:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-06-13 11:33 - 2013-05-20 16:10 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-13 11:19 - 2014-06-13 11:19 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-13 11:18 - 2014-06-13 11:18 - 02347384 _____ (ESET) C:\Users\Theresa\Downloads\esetsmartinstaller_enu.exe

2014-06-13 11:07 - 2014-06-13 11:07 - 00001456 _____ () C:\Users\Theresa\Desktop\AdwCleaner[s4].txt

2014-06-13 11:07 - 2009-07-13 23:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-13 11:07 - 2009-07-13 23:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-13 11:04 - 2010-11-20 08:30 - 01797456 _____ () C:\windows\WindowsUpdate.log

2014-06-13 11:00 - 2013-05-20 16:10 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-13 10:59 - 2013-07-06 09:06 - 00901400 _____ () C:\windows\PFRO.log

2014-06-13 10:59 - 2013-07-06 09:06 - 00010044 _____ () C:\windows\setupact.log

2014-06-13 10:59 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-06-13 10:58 - 2013-10-02 09:10 - 00000000 ____D () C:\AdwCleaner

2014-06-13 10:54 - 2014-06-13 10:50 - 01016261 _____ (Thisisu) C:\Users\Theresa\Downloads\JRT (2).exe

2014-06-13 10:43 - 2014-06-13 10:43 - 00000698 _____ () C:\Users\Theresa\Desktop\JRT.txt

2014-06-12 22:20 - 2012-04-15 09:46 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001Core.job

2014-06-12 21:47 - 2012-10-02 09:05 - 00000000 ____D () C:\Users\Theresa\RESUME

2014-06-12 21:40 - 2011-01-30 17:14 - 1172259840 _____ () C:\Users\Theresa\Outlook.pst

2014-06-12 21:40 - 2011-01-30 16:41 - 00000000 ____D () C:\Users\Theresa\Documents\Outlook Files

2014-06-12 21:40 - 2011-01-30 10:05 - 00000000 ____D () C:\Users\Theresa

2014-06-12 20:16 - 2014-06-12 20:16 - 00004773 _____ () C:\Users\Theresa\Desktop\RKreport_SCN_06122014_201505.log

2014-06-12 19:17 - 2013-12-13 13:45 - 00000000 ____D () C:\windows\erdnt

2014-06-12 19:16 - 2014-06-12 19:15 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-06-12 19:15 - 2014-06-12 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-06-12 19:08 - 2014-06-12 19:05 - 00791393 _____ (Lars Hederer ) C:\Users\Theresa\Downloads\erunt-setup.exe

2014-06-12 19:01 - 2014-06-12 18:59 - 00791393 _____ (Lars Hederer ) C:\Users\Theresa\Desktop\erunt-setup.exe

2014-06-12 18:58 - 2014-06-12 18:56 - 00002122 _____ () C:\Users\Theresa\Desktop\Rkill.txt

2014-06-12 18:55 - 2014-06-12 18:49 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Theresa\Desktop\rkill.exe

2014-06-06 18:19 - 2011-03-17 21:03 - 00000132 _____ () C:\Users\Theresa\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-06-06 17:14 - 2011-03-28 14:39 - 00000132 _____ () C:\Users\Theresa\AppData\Roaming\Adobe IllExport Filter CS5 Prefs

2014-06-06 15:58 - 2013-02-27 19:53 - 00800096 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-06-06 14:18 - 2014-06-06 14:18 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-06-06 14:15 - 2014-06-06 14:14 - 04686336 _____ () C:\Users\Theresa\Desktop\RogueKiller.exe

2014-06-06 13:56 - 2014-04-13 11:05 - 00000000 ____D () C:\Program Files (x86)\Coupons

2014-06-06 13:52 - 2014-06-06 13:51 - 01016261 _____ (Thisisu) C:\Users\Theresa\Downloads\JRT (1).exe

2014-06-06 13:42 - 2014-06-06 13:42 - 01333465 _____ () C:\Users\Theresa\Desktop\AdwCleaner (2).exe

2014-06-06 10:37 - 2012-03-21 10:01 - 00000000 ____D () C:\Users\Theresa\AppData\Local\HP

2014-06-06 10:29 - 2014-06-06 10:29 - 00002259 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2014-06-06 10:29 - 2014-06-06 10:29 - 00001191 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk

2014-06-06 10:29 - 2014-06-06 10:29 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-06-06 10:29 - 2014-06-06 10:29 - 00000000 ____D () C:\Program Files\HP

2014-06-06 10:29 - 2011-10-13 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-06-06 10:29 - 2011-09-26 10:51 - 00000000 ____D () C:\Program Files (x86)\HP

2014-06-06 10:29 - 2011-01-30 10:18 - 00000000 ____D () C:\ProgramData\HP

2014-06-06 10:27 - 2014-06-06 10:15 - 122662720 _____ () C:\Users\Theresa\Downloads\OJ6500_E710n-z_1315.exe

2014-06-06 09:43 - 2012-09-16 14:24 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-06-02 16:46 - 2014-04-01 19:54 - 00000000 ____D () C:\Users\Theresa\Desktop\FW

2014-05-30 12:49 - 2014-05-30 12:49 - 00016040 _____ () C:\Users\Theresa\Downloads\AccountHistory.ofx

2014-05-30 12:45 - 2014-05-30 12:45 - 00031460 _____ () C:\Users\Theresa\Downloads\AccountHistory.xls

2014-05-26 13:25 - 2011-01-30 18:44 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk

2014-05-26 13:25 - 2011-01-30 18:44 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk

2014-05-26 13:03 - 2012-07-04 08:27 - 00004184 _____ () C:\windows\System32\Tasks\avast! Emergency Update

2014-05-25 19:56 - 2011-04-16 08:04 - 00000000 ____D () C:\Users\Theresa\Desktop\BANG

2014-05-25 09:31 - 2011-02-28 15:36 - 00000000 ____D () C:\Users\Theresa\AppData\Local\CrashDumps

2014-05-24 09:31 - 2014-05-24 09:31 - 00000000 ____D () C:\windows\pss

2014-05-24 09:31 - 2011-01-30 10:07 - 00000000 ___RD () C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-24 09:22 - 2013-08-11 21:40 - 00000000 ____D () C:\Users\Theresa\AppData\Local\Screencast-O-Matic

2014-05-23 21:34 - 2014-05-23 20:26 - 00004056 _____ () C:\Users\Theresa\Desktop\additional-roku-channels-info.txt

2014-05-23 11:03 - 2011-05-06 18:51 - 00000000 ____D () C:\Users\Theresa\Desktop\AUCTIONS

2014-05-22 16:25 - 2014-05-22 16:24 - 00000000 ____D () C:\Users\Theresa\DESIGNER-THINGS-I-WANT

2014-05-22 16:24 - 2014-05-16 16:54 - 00000000 ____D () C:\Users\Theresa\Documents\DIVORCE

2014-05-22 12:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2014-05-20 12:43 - 2011-02-27 17:23 - 00845824 ___SH () C:\Users\Theresa\Thumbs.db

2014-05-20 11:38 - 2011-09-06 21:42 - 00000000 ____D () C:\Users\Theresa\Documents\RESUME

2014-05-19 11:21 - 2012-07-22 08:19 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\FileZilla

2014-05-19 10:53 - 2014-05-19 10:29 - 00000000 ____D () C:\Users\Theresa\Desktop\ebay-sample

2014-05-18 20:35 - 2014-05-18 20:34 - 00064890 _____ () C:\Users\Theresa\design-by-pixelchick.psd

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files\iTunes

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files\iPod

2014-05-18 10:31 - 2014-05-18 10:31 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-05-16 16:59 - 2011-05-12 12:22 - 00000000 ____D () C:\Users\Theresa\Desktop\KIRK

2014-05-16 16:54 - 2012-05-15 19:56 - 00000000 ____D () C:\Users\Theresa\VAPING

2014-05-16 15:42 - 2014-05-16 15:42 - 00001086 _____ () C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

2014-05-16 15:42 - 2014-05-16 15:42 - 00000000 ____D () C:\Users\Theresa\AppData\Local\join.me

2014-05-16 15:17 - 2014-05-16 15:17 - 00001191 _____ () C:\Users\Theresa\Desktop\aquamarine-descrip.txt

2014-05-15 21:22 - 2014-05-15 21:21 - 00000000 ____D () C:\Users\Theresa\Documents\My Signature

2014-05-15 17:14 - 2014-04-22 10:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-15 11:56 - 2011-05-11 18:05 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\Audacity

2014-05-15 11:43 - 2013-08-23 20:03 - 00000000 ____D () C:\Users\Theresa\Desktop\70s-Rock

2014-05-15 11:38 - 2014-01-06 17:31 - 00000000 ____D () C:\Users\Theresa\70s-Rock

2014-05-15 10:05 - 2013-02-24 14:01 - 00000000 ____D () C:\Users\Theresa\dwhelper

2014-05-15 09:42 - 2014-04-17 14:07 - 00447888 _____ (AVAST Software) C:\windows\system32\Drivers\aswndisflt.sys

2014-05-15 09:42 - 2014-01-01 11:58 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys

2014-05-15 09:42 - 2011-01-30 11:19 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys

2014-05-15 09:42 - 2011-01-30 11:19 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys

2014-05-15 08:56 - 2011-06-12 22:34 - 00000000 ____D () C:\Users\Theresa\Desktop\AAPC

2014-05-15 08:55 - 2014-05-15 08:55 - 00000000 ____D () C:\Users\Theresa\Desktop\COUPON-CODES

2014-05-14 11:35 - 2012-08-02 17:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-05-14 11:35 - 2012-04-04 10:28 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-05-14 11:35 - 2011-05-13 09:17 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-14 10:05 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

2014-05-14 08:56 - 2011-01-30 10:07 - 00000000 ___RD () C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-14 08:52 - 2014-04-22 12:28 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-05-14 08:50 - 2011-01-30 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-14 08:48 - 2013-07-11 12:55 - 00000000 ____D () C:\windows\system32\MRT

2014-05-14 08:46 - 2011-01-30 15:02 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:

====================

C:\Users\Theresa\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-12 18:04

==================== End Of Log ============================

girlievapes · June 13, 2014

*********************ADDITIONAL Log*********************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02

Ran by Theresa at 2014-06-13 12:31:04

Running from C:\Users\Theresa\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

ABO REVIEW version 1.5 (HKLM-x32\...\{D5E9FD6C-1039-4D15-B850-2C36397C9789}_is1) (Version: 1.5 - maxtransfer7)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)

Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 5 Web Premium (HKLM-x32\...\{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}) (Version: 5.0 - Adobe Systems Incorporated)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)

AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)

Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)

AudioLabel (HKLM-x32\...\AudioLabel) (Version: 4.40 (Build 10) - CDCoverSoft)

avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)

Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.16(T) - TOSHIBA CORPORATION)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.126.0.62 - Conexant)

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)

eJuice Me Up (HKLM-x32\...\{28107FBC-832A-4E18-9C9D-4E771B441F69}) (Version: 10.6.0.0 - Breaktru Software)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden

FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )

FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)

Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)

Free Video to MP3 Converter version 5.0.17.822 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.17.822 - DVDVideoSoft Ltd.)

Free WMV To MP4 Converter (HKLM-x32\...\{5B8DDC16-42A2-4870-A843-BD0EFE909A6B}) (Version: 1.0.0 - convertaudiofree)

Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version: - )

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

GuitarCourses.ws Fretboard Trainer 1.2 (HKLM-x32\...\{0FD70D48-4561-4E2F-8748-A76DF79CB5A5}) (Version: 1.2.0.0 - GuitarCourses.ws)

HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)

HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden

HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)

iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)

iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)

Jamorama Chordinator (HKLM-x32\...\{B5A15233-31EC-4D6B-9EC5-D1116B238160}) (Version: 1.0 - Jamorama)

Jamorama Software (HKLM-x32\...\{3CDC3396-0169-41FC-B7E8-C7AE080DB3E8}) (Version: 1.2 - Rock Star Recipes)

Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

join.me (HKCU\...\JoinMe) (Version: 1.14.0.138 - LogMeIn, Inc.)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Make The Cut! (HKLM-x32\...\Make The Cut!) (Version: 4.6.1.0 - Make The Cut, LLC.)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden

NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)

O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{010FFE0B-4C25-4EDC-A44E-8B8C5A64AF68}) (Version: 2.0.46 - O2Micro International LTD.)

O2Micro Flash Memory Card Windows Driver (Version: 2.0.46 - O2Micro International LTD.) Hidden

OCC Agent (remove only) (HKLM-x32\...\OCCAgent) (Version: - )

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)

Personal Color Viewer (x32 Version: 3.0.2 - Eco Color Company) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

QuickBooks (x32 Version: 21.0.4003.904 - Intuit Inc.) Hidden

QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4003.904 - Intuit Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)

TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)

TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden

TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.02.01.00 - )

TOSHIBA Hardware Setup (Version: 4.02.01.00 - TOSHIBA) Hidden

TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden

TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden

TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)

TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.02.01.00 - )

TOSHIBA Supervisor Password (Version: 4.02.01.00 - TOSHIBA) Hidden

TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.4.0 - TOSHIBA Corporation)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.40.64 - TOSHIBA Corporation)

TOSHIBA Value Added Package (Version: 1.2.40.64 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.2.40.64 - TOSHIBA Corporation) Hidden

TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 10.0.4500.46 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 9.0.4200.58 - TuneUp Software) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points =========================

21-05-2014 13:54:11 Windows Update

29-05-2014 05:00:03 Scheduled Checkpoint

30-05-2014 15:09:48 Windows Update

04-06-2014 03:10:02 Windows Update

13-06-2014 03:53:06 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-12-13 13:58 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {066CD90D-1556-4ABC-8C02-A42DCE9289E0} - System32\Tasks\{C8D397CC-2982-41AC-AFE0-49B4D18BD0B4} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=12002

Task: {077D58EB-279E-4985-8A46-B9F8F2E2EEC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {07CE6458-AE46-4EB8-A927-317AC82FAA59} - \Escolade No Task File <==== ATTENTION

Task: {2D2F65AC-0212-4006-B4C7-9372290ABD8B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

Task: {373A631A-8510-4FD1-82EF-EA4FF4931540} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)

Task: {3DCF6F68-F8F3-41B3-86BF-BF16E4A93D5A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)

Task: {512CED08-9F12-455E-B241-B556BA0CC945} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)

Task: {65E050EF-47AB-4846-8C75-B54622E2D22F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001Core => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)

Task: {6F00ED22-01B5-4608-82EC-14CAC4982C57} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe

Task: {7207CA7E-17B9-45D4-96B1-FF0E5A64E266} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-04-17] (AVAST Software)

Task: {9B4060B1-9192-4262-B470-FF034C961357} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {9FE1CAFB-F940-4540-B92A-FC4B8D39A69D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001UA => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)

Task: {AE633FCD-094D-4D83-B42E-EAF6F97F84D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {B0191C6A-ADBC-4A74-BDE5-F36846B2CDFB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

Task: {C4AD508A-3930-4363-9054-5DC5DCD5331F} - System32\Tasks\Google Updater and Installer => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)

Task: {D4F4E674-30EE-4207-81EC-CABCD5E48BAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)

Task: {E5F66D65-3A21-4996-8A5F-4AA6AB164D09} - System32\Tasks\{FEDCF914-A8EB-41D8-B4C2-22ABEEE646BD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)

Task: {F9F581AB-FC08-460C-A219-43FA9DE365B9} - System32\Tasks\AdobeAAMUpdater-1.0-Theresa-PC-Theresa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001Core.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-444181680-736773822-1463581120-1001UA.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2014-06-13 06:59 - 2014-06-13 06:59 - 02775040 _____ () C:\Program Files\Alwil Software\Avast5\defs\14061300\algo.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-21 07:27 - 2013-10-21 07:27 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

2014-03-28 04:35 - 2014-03-28 04:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-06-12 18:23 - 2014-06-05 08:58 - 00716616 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-12 18:23 - 2014-06-05 08:58 - 00126280 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-12 18:23 - 2014-06-05 08:58 - 04217672 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-12 18:23 - 2014-06-05 08:58 - 00414536 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-12 18:23 - 2014-06-05 08:58 - 01732424 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Theresa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Google Update => "C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Screencast-O-Matic Tray => C:\Users\Theresa\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe

MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/13/2014 11:19:11 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2014 11:19:06 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2014 10:48:15 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2014 10:48:15 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:

=============

Error: (06/13/2014 11:00:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The vToolbarUpdater15.4.0 service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (06/13/2014 11:19:11 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Theresa\Downloads\esetsmartinstaller_enu.exe

Error: (06/13/2014 11:19:06 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Theresa\Downloads\esetsmartinstaller_enu.exe

Error: (06/13/2014 10:48:15 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (06/13/2014 10:48:15 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

CodeIntegrity Errors:

===================================

Date: 2013-12-13 12:54:46.551

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-13 12:54:46.379

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 32%

Total physical RAM: 8180.48 MB

Available physical RAM: 5506.14 MB

Total Pagefile: 16359.14 MB

Available Pagefile: 13631.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105970W0D) (Fixed) (Total:452.95 GB) (Free:303.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: () (Removable) (Total:3.69 GB) (Free:3.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: EE65063B)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

AdvancedSetup · June 13, 2014

Notice these software downloads you have and the listed threats from ESET antivirus. These are not immediate threats but what happens is the installer tries to install this other junk PUP (Possibly Unwanted Programs) on your computer in an effort to monitize their return on investment but ultimately what happens is that these add-ons via advertising and marketing will almost certainly sooner or later bring you to a Website that you would never have gone to on your own and potentially infect your computer for real if its not protected from whatever threat is trying to attack you.

It's best to be very cautious of any free software and if needed ask for help before installing such items.

What are the 'PUP' detections, are they threats, and should they be deleted?

C:\Users\Theresa\Downloads\audioextractor.exe Win32/InstallMonetizer.AU potentially unwanted application
C:\Users\Theresa\Downloads\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Theresa\Downloads\freeripmp3-setup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Theresa\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Theresa\Downloads\m4a-to-mp3-converter (1).exe Win32/Somoto.E potentially unwanted application
C:\Users\Theresa\Downloads\m4a-to-mp3-converter-cnet.exe Win32/Somoto.E potentially unwanted application
C:\Users\Theresa\Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

I also notice that you have TuneUp Utilities 2013 and a scheduled task that runs daily. Personally I don't think you need software like that but that's up to you just make sure it's not doing any Registry cleaning. You can read the following about it: Do I need a Windows Registry Cleaner?

You also have items disabled from running using MSCONFIG - please see the following article about using MSCONFIG in that manner. Msconfig Is Not A Startup Manager
I would recommend either uninstalling the program if not wanted or using another tool as a startup manager if needed than MSCONFIG

STEP 1
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java. Then run the following
Please download JavaRa-1.16 and save it to your computer.

Double click to open the zip file and then select all and choose Copy.
Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
Quit all browsers and other running applications.
Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it in your next reply.

STEP 2
Please Run TFC by OldTimer to clear temporary files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Then RESTART THE COMPUTER

STEP 3
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

girlievapes · June 14, 2014

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jun 13 14:28:29 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

girlievapes · June 14, 2014

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02

Ran by Theresa at 2014-06-13 20:51:03 Run:2

Running from C:\Users\Theresa\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************