wismommy

ok this is what I got...notice at the end it cuts off?? not sure what this is all about but this is all that is there. TimeCreated : 10/6/2014 3:26:59 AM Message : Checking file system on C: The type of the file system is NTFS. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... The attribute of type 0x80 and instance tag 0x3 in file 0xb59b has allocated length of 0x388000 instead of 0x38c000. Deleting corrupt attribute record (128, "") from file record segment 46491. The attribute of type 0x80 and instance tag 0x4 in file 0xe825 has allocated length of 0xe000 instead of 0x10000. Deleting corrupt attribute record (128, "") from file record segment 59429. The attribute of type 0x80 and instance tag 0x4 in file 0x17379 has allocated length of 0x148000 instead of 0x14f000. Deleting corrupt attribute record (128, "") from file record segment 95097. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x140c for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x19d09 is already in use. Deleting corrupt attribute record (128, "") from file record segment 105737. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x13442c for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x1b1e6 is already in use. Deleting corrupt attribute record (128, "") from file record segment 111078. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x412d0 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x1c010 is already in use. Deleting corrupt attribute record (128, "") from file record segment 114704. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x47014 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x1c011 is already in use. Deleting corrupt attribute record (128, "") from file record segment 114705. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3d058 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1c974 is already in use. Deleting corrupt attribute record (128, "") from file record segment 117108. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x39f2a for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x201f7 is already in use. Deleting corrupt attribute record (128, "") from file record segment 131575. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x41088 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x2039a is already in use. Deleting corrupt attribute record (128, "") from file record segment 131994. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x63ce1 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x1 in file 0x2468a is already in use. Deleting corrupt attribute record (128, "") from file record segment 149130. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x46888 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x24d91 is already in use. Deleting corrupt attribute record (128, "") from file record segment 150929. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x3a10c for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x1 in file 0x24f2f is already in use. Deleting corrupt attribute record (128, "") from file record segment 151343. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x38aa4 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x250e1 is already in use. Deleting corrupt attribute record (128, "") from file record segment 151777. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x10b5640 for possibly 0x10 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x25101 is already in use. Deleting corrupt attribute record (128, "") from file record segment 151809. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3b724 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x2879b is already in use. Deleting corrupt attribute record (128, "") from file record segment 165787. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x91a0c for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x288c3 is already in use. Deleting corrupt attribute record (128, "") from file record segment 166083. Attribute record of type 0x80 and instance tag 0x0 is cross linked starting at 0x1254536 for possibly 0xf clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x0 in file 0x28bb5 is already in use. The attribute of type 0x80 and instance tag 0x0 in file 0x28bb5 has allocated length of 0x7b16000 instead of 0xb00000. Deleted corrupt attribute list entry with type code 128 in file 166837. Unable to locate attribute with instance tag 0x0 and segment reference 0x2c0000000124dd. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 74973. Unable to locate attribute with instance tag 0x0 and segment reference 0x420000000129b2. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 76210. Unable to locate attribute with instance tag 0x0 and segment reference 0x130000000129ce. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 76238. Unable to locate attribute with instance tag 0x0 and segment reference 0x19000000013401. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 78849. Unable to locate attribute with instance tag 0x0 and segment reference 0x2c000000013917. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 80151. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x10c6f47 for possibly 0xff clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x2cf78 is already in use. Deleting corrupt attribute record (128, "") from file record segment 184184. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ba9b for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x30b7e is already in use. Deleting corrupt attribute record (128, "") from file record segment 199550. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x64f39 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x30b8d is already in use. Deleting corrupt attribute record (128, "") from file record segment 199565. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3dc66 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x3103a is already in use. Deleting corrupt attribute record (128, "") from file record segment 200762. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x98f34 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x31309 is already in use. Deleting corrupt attribute record (128, "") from file record segment 201481. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x98f35 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x31f30 is already in use. Deleting corrupt attribute record (128, "") from file record segment 204592. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x44c3c for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x35cfb is already in use. Deleting corrupt attribute record (128, "") from file record segment 220411. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x400ee for possibly 0x2 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x35f2a is already in use. Deleting corrupt attribute record (128, "") from file record segment 220970. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x39fa8 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37434 is already in use. Deleting corrupt attribute record (128, "") from file record segment 226356. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ada9 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37461 is already in use. Deleting corrupt attribute record (128, "") from file record segment 226401. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x47c39 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37541 is already in use. Deleting corrupt attribute record (128, "") from file record segment 226625. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3adab for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37583 is already in use. Deleting corrupt attribute record (128, "") from file record segment 226691. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x403ad for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37588 is already in use. Deleting corrupt attribute record (128, "") from file record segment 226696. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3dc65 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x375de is already in use. Deleting corrupt attribute record (128, "") from file record segment 226782. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x400f0 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x375ea is already in use. Deleting corrupt attribute record (128, "") from file record segment 226794. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3fc1d for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x378c1 is already in use. Deleting corrupt attribute record (128, "") from file record segment 227521. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x40e97 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x378cb is already in use. Deleting corrupt attribute record (128, "") from file record segment 227531. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x46cc0 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x378f0 is already in use. Deleting corrupt attribute record (128, "") from file record segment 227568. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x65b44 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x3790c is already in use. Deleting corrupt attribute record (128, "") from file record segment 227596. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x64345 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x3791f is already in use. Deleting corrupt attribute record (128, "") from file record segment 227615. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x64f3b for possibly 0x5 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37922 is already in use. Deleting corrupt attribute record (128, "") from file record segment 227618. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3cc9f for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37925 is already in use. Deleting corrupt attribute record (128, "") from file record segment 227621. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ce6c for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x3793f is already in use. Deleting corrupt attribute record (128, "") from file record segment 227647. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x64528 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37dc3 is already in use. Deleting corrupt attribute record (128, "") from file record segment 228803. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3b07c for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37dcb is already in use. Deleting corrupt attribute record (128, "") from file record segment 228811. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x40ee5 for possibly 0x2 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x37f3d is already in use. Deleting corrupt attribute record (128, "") from file record segment 229181. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x403ae for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37f71 is already in use. Deleting corrupt attribute record (128, "") from file record segment 229233. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x403af for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x37f7a is already in use. Deleting corrupt attribute record (128, "") from file record segment 229242. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3b625 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x381d0 is already in use. Deleting corrupt attribute record (128, "") from file record segment 229840. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x40e96 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x38354 is already in use. Deleting corrupt attribute record (128, "") from file record segment 230228. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x40e98 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x384dc is already in use. Deleting corrupt attribute record (128, "") from file record segment 230620. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x4211b for possibly 0x2 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x385ed is already in use. Deleting corrupt attribute record (128, "") from file record segment 230893. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x656a6 for possibly 0x1 clusters. Some clu

I think I may have to do a clean reinstall, I have major problems. I tried running the CHKDSK and I accidently did the short one again (3 step) and every line said ".....file is corrupt" or "1383848 is an orphan"? Whatever that means! Anyway i am getting invalid directory errors, explorer.exe errors, etc. From what I have researched online it may be easier to do a clean install. However, I am doing a FULL CHKDSK right now, and will let it run overnight and see what I get in the morning. As of right now I can only email from my phone which is why I couldn't attach any files or screenshots for you at this time.

the chkdsk gets stuck at 27% complete and just sits there???? is there something else I can try??

still trying...

also, is there a problem with my malwarebytes program as listed in this log: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x180 Faulting application start time: 0x01cfdce367fc1e51 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: b02bffe5-48d6-11e4-befa-b8763fca6e94 Faulting package full name: Faulting package-relative application ID:

Checking file system on C: The type of the file system is NTFS. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 3)... The attribute of type 0x80 and instance tag 0x4 in file 0xf21 has allocated length of 0x30000 instead of 0x170000. Deleting corrupt attribute record (128, "") from file record segment 3873. The attribute of type 0x80 and instance tag 0x0 in file 0x165cb has allocated length of 0xa7610000 instead of 0xa7590000. Deleted corrupt attribute list entry with type code 128 in file 91595. Unable to locate attribute with instance tag 0x0 and segment reference 0x100000006d2df. The expected attribute type is 0x80. Deleting corrupt attribute record (128, $J) from file record segment 447199. 612864 file records processed. File verification completed. 9916 large file records processed. 0 bad file records processed. CHKDSK is verifying indexes (stage 2 of 3)... 736018 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... CHKDSK is compacting the security descriptor stream Cleaning up 2218 unused security descriptors. Inserting data attribute into file 3873. 61579 data files processed. CHKDSK is verifying Usn Journal... Creating Usn Journal $J data stream Usn Journal verification completed. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. No further action is required. 943269887 KB total disk space. 139401868 KB in 414022 files. 219344 KB in 61581 indexes. 0 KB in bad sectors. 709119 KB in use by the system. 65536 KB occupied by the log file. 802939556 KB available on disk. 4096 bytes in each allocation unit. 235817471 total allocation units on disk. 200734889 allocation units available on disk. Internal Info: 00 5a 09 00 dc 41 07 00 e4 b7 0c 00 00 00 00 00 .Z...A.......... 12 07 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 ....*........... 20 03 e9 e3 75 00 00 00 00 00 00 00 00 00 00 00 ...u........... Windows has finished checking your disk. Please wait while your computer restarts.

I am still having issues with it running slow and some programs continue to freeze up on me like Firefox/chrome/Word....

ComboFix 14-09-29.02 - Ann 09/28/2014 16:39:13.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8071.6404 [GMT -5:00] Running from: c:\users\Ann\Desktop\ComboFix.exe AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ann\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2 c:\windows\TEMP\WRusr.dll-410316984-1.tmp . . ((((((((((((((((((((((((( Files Created from 2014-08-28 to 2014-09-28 ))))))))))))))))))))))))))))))) . . 2014-09-28 21:56 . 2014-09-28 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-20 22:11 . 2014-09-20 22:11 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-09-20 22:11 . 2014-09-20 22:11 -------- d-----w- c:\programdata\RogueKiller 2014-09-19 23:51 . 2014-09-19 23:51 -------- d-----w- c:\programdata\KingsIsle Entertainment 2014-09-19 21:43 . 2014-09-19 21:48 -------- d-----w- C:\FRST 2014-09-17 01:23 . 2014-09-17 01:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-09-17 01:23 . 2014-07-25 17:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-09-16 02:47 . 2014-08-09 08:30 148480 ----a-w- c:\windows\system32\poqexec.exe 2014-09-16 02:47 . 2014-08-09 08:29 144896 ----a-w- c:\windows\system32\tssdisai.dll 2014-09-13 02:15 . 2014-09-13 02:15 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin 2014-09-11 20:11 . 2013-05-14 13:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2014-09-11 19:23 . 2014-09-04 22:36 755712 ----a-w- c:\windows\system32\aepdu.dll 2014-09-11 19:23 . 2014-09-03 01:49 556544 ----a-w- c:\windows\system32\aeinv.dll 2014-09-11 19:23 . 2014-07-26 02:19 26218496 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2014-09-11 19:23 . 2014-07-26 01:52 25479168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2014-09-10 16:48 . 2014-09-10 16:48 -------- d-----w- c:\program files\iPod 2014-09-10 16:48 . 2014-09-10 16:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-10 16:48 . 2014-09-10 16:49 -------- d-----w- c:\program files\iTunes 2014-09-10 16:48 . 2014-09-10 16:49 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-28 16:14 . 2013-08-26 15:48 154760 ----a-w- c:\windows\SysWow64\WRusr.dll 2014-09-28 16:14 . 2013-08-26 15:48 115680 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2014-09-28 16:14 . 2013-08-26 15:48 105320 ----a-w- c:\windows\system32\WRusr.dll 2014-09-20 15:16 . 2013-08-26 16:45 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-09-19 21:39 . 2014-06-28 20:17 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-11 19:59 . 2013-08-27 10:12 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-02 19:32 . 2014-07-13 21:54 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-02 19:32 . 2014-07-13 21:54 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-08-28 23:21 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-26 12:18 . 2013-08-26 15:51 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe 2014-08-23 06:47 . 2014-08-27 19:49 4036096 ----a-w- c:\windows\system32\win32k.sys 2014-08-22 17:14 . 2014-04-08 15:19 13792 ----a-w- c:\windows\system32\drivers\semav6thermal64ro.sys 2014-08-19 01:23 . 2014-06-28 20:17 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-28 19:52 . 2014-07-28 19:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll 2014-07-28 19:52 . 2014-07-28 19:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2014-07-15 23:03 . 2014-08-13 19:16 1300992 ----a-w- c:\windows\system32\gdi32.dll 2014-07-15 22:51 . 2014-08-13 20:03 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2014-07-12 02:36 . 2014-08-13 19:16 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-06-30 22:42 . 2014-07-10 14:42 394240 ----a-w- c:\windows\system32\devinv.dll 2014-06-30 22:42 . 2014-07-10 14:42 87552 ----a-w- c:\windows\system32\aepic.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-05-17 00:28 223432 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-05-17 00:28 223432 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-05-17 00:28 223432 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="c:\users\Ann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-05-17 257224] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160] "Akamai NetSession Interface"="c:\users\Ann\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920] "HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-02-06 740376] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-09-28 767600] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart 0"="c:\program files\Common Files\microsoft shared\ink\TabTip.exe" [2014-06-11 394624] "Application Restart 8DB02F5BFC3B45E39C60F87E4F10D0085A4CE723"="c:\program files\Common Files\microsoft shared\ink\TabTip.exe" [2014-06-11 394624] . c:\users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-20 195240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-8-26 10395072] Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-8-26 10395072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x] R3 iscFlash;iscFlash;c:\programdata\Sony Corporation\Sony Packaging Manager\PackagingTemp\{A84ECFAD-3DE9-4CC7-98C2-F7EBDA07401A}\TOOL_WIN\iscflashx64.sys;c:\programdata\Sony Corporation\Sony Packaging Manager\PackagingTemp\{A84ECFAD-3DE9-4CC7-98C2-F7EBDA07401A}\TOOL_WIN\iscflashx64.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NetworkSupport;NetworkSupport;c:\program files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe;c:\program files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [x] R3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] R3 SOHDms;VAIO Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x] S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x] S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 02:32 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2014-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-28 21:00] . 2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 04:17] . 2014-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 04:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-08-26 10592256] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-11 1381744] "Bluetooth"="c:\program files\WIDCOMM\Bluetooth Software\bttray.exe" [2012-12-14 526704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 442352] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\m2xatij3.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/default.aspx . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NCUpdateHelper - c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe SafeBoot-60575516.sys . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\X6va021] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Completion time: 2014-09-28 17:01:55 ComboFix-quarantined-files.txt 2014-09-28 22:01 . Pre-Run: 817,708,756,992 bytes free Post-Run: 822,703,656,960 bytes free . - - End Of File - - 3F8349A656569195358FA71B8E4D3C47

Nope, this is just an ordinary laptop, I use it for school and my kids have been gaming on it. I am the admin, and I don't know anything about any policies that may be present nor do I know what you mean by that

sorry, again it wouldn't let me paste. every time I tried my computer locked up. here is the file: TDSSKiller.3.0.0.40_23.09.2014_17.17.09_log.txt

Hello Naat, Thank you for taking the time to help me! I have noticed lately that my laptop has been very sluggish, programs "stop responding", flash player keeps stopping, and some programs fail to open, such as Malwarebytes. My children have taken over my laptop lately and I am afraid they may have accidently downloaded a virus. Here is the log file from Rogue Killer: Well, it says that it is too long so I will have to attach it as a file. I hope that is ok? RKreport_SCN_09202014_173021.log

Hello, I have attached the FRST.txt and Addition.txt files below because I received an error that my post was too long. Thank you in advance, and I look forward to working with you on this. FRST.txt Addition.txt

Should I do a reinstall of the system before I follow your steps above?

ok i ran RK in safe mode, here is the report: RogueKiller V8.8.5 [Feb 3 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode User : Ann [Admin rights] Mode : Scan -- Date : 02/04/2014 15:53:30 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [7]) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Folder] U : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\U [-] --> FOUND [ZeroAccess][Folder] L : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\L [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5055GSX +++++ --- User --- [MBR] cabfa7fedb674dd5b1317e04b35a68a3 [bSP] ce5d6e2a0702a1f2d7419115ce7e7b59 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8832 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 18092032 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18296832 | Size: 468005 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_02042014_155330.txt >>

ok i downloaded from their site (bleepincomputer) does it usually take a long time for it to "check processes" before it will allow me to start to scan? it has been stuck on "Search filter host.exe" for a long time. and it also says " KILLED [TermProc] down under the "status" field...please advise

the link for roue killer for 64 bit doesn't work??

I didn't see this reply until now I will run this today

my kids have taken over my laptop and I fear that I may have an infection of some sort....I would appreciate any help, thanks! here are the files as requested: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/25/2011 10:01:40 PM System Uptime: 1/31/2014 4:09:20 AM (13 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | N/A | 2267/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 457 GiB total, 312.595 GiB free. E: is Removable F: is Removable G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4a9c2fa7-d63f-44c5-a247-bb3289a3739f} Description: Activision Xbox360 Spyro Portal Device ID: ROOT\XBOX360USBDEVICE\0000 Manufacturer: Activision Name: Activision Xbox360 Spyro Portal PNP Device ID: ROOT\XBOX360USBDEVICE\0000 Service: WinUSB . ==== System Restore Points =================== . RP320: 12/28/2013 8:47:40 PM - Windows Update RP321: 12/29/2013 3:01:20 AM - Windows Update RP322: 1/23/2014 9:17:42 PM - avast! antivirus system restore point RP323: 1/23/2014 9:41:35 PM - Removed Your Future In Nursing RP324: 1/23/2014 9:43:26 PM - Removed Medcin Student Edition RP325: 1/23/2014 9:51:16 PM - Removed Medcin Server RP326: 1/23/2014 9:51:35 PM - Removed Livescribe Connect RP327: 1/23/2014 10:07:32 PM - Device Driver Package Install: Avast Network Service RP328: 1/23/2014 10:09:36 PM - Removed iTunes RP329: 1/23/2014 11:02:20 PM - Installed iTunes RP330: 1/24/2014 3:01:25 AM - Windows Update . ==== Installed Programs ====================== . 3DVIA player 5.0 4400K410 64 Bit HP CIO Components Installer Abyss: The Wraiths of Eden Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Adobe Shockwave Player 12.0 Amazon MP3 Downloader 1.0.12 Angry Birds Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 3 AT&T Troubleshoot & Resolve Tool avast! EasyPass avast! Internet Security Awakening: Moonfell Wood Awakening: The Dreamless Castle Awakening: The Goblin Kingdom Awakening: The Skyward Castle Collector's Edition Awakening: The Sunhook Spire Collector's Edition Barbie In The 12 Dancing Princesses Big Fish: Game Manager Bing Bar Bing Rewards Client Installer Bonjour BufferChm Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows D3DX10 Define Ext Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery Dropbox Elizabeth Find M.D. - Diagnosis Mystery eReg European Mystery: Scent of Desire Collector’s Edition Evernote v. 4.5.8 FeralHeart version 1.13 ffdshow [rev 2527] [2008-12-19] Forbidden Secrets: Alien Town Collector's Edition Gardenscapes: Mansion Makeover™ Google Chrome Google Drive Google Earth Plug-in Google Update Helper GPBaseService2 Hamster Free Video Convertor Hidden Mysteries®: The Fateful Voyage - Titanic HP Customer Participation Program 14.0 HP Deskjet 3050A J611 series Basic Device Software HP Deskjet 3050A J611 series Help HP Deskjet 3050A J611 series Product Improvement Study HP Imaging Device Functions 14.0 HP Officejet 4400 K410 All-in-One Driver Software 14.0 Rel. 7 HP Photo Creations HP Product Detection HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HPPhotoGadget HPProductAssistant HPSSupply iCloud Intel AppUp(SM) center Intel PROSet Wireless Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver Intel® Wireless Display iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 39 (64-bit) JumpStart Advanced Kindergarten Junk Mail filter update LG Android Drivers LG United Mobile Drivers LG USB Modem driver LiveMath Plug-In & ActiveX 3.5.9 [u18] - August 2008 LiveMath Viewer 3.5.9 [u18] - August 2008 Logitech SetPoint 6.32 Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Media Gallery Microsoft .NET Framework 4.5 Microsoft Application Error Reporting Microsoft Default Manager Microsoft IntelliPoint 8.0 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Microsoft XNA Framework Redistributable 4.0 MobileMe Control Panel Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery Case Files®: Dire Grove™ Collector's Edition Mystery Case Files®: Escape from Ravenhearst™ Mystery Case Files: Madame Fate ® Mystery Case Files: Prime Suspects ™ Mystery Case Files: Return to Ravenhearst ™ Mystery Club Detective Academy Mystery Legends: The Phantom of the Opera Mystery of the Ancients: Lockwood Manor Mystery Trackers: Black Isle Collector's Edition NVIDIA Drivers Oasis2Service OJ_AIO_07_K410_SW_Min PaintTool SAI Ver.1 PlayReady PC Runtime amd64 plist Editor for Windows 1.0.2 PMB PMB VAIO Edition Guide PMB VAIO Edition plug-in (Click to Disc) PMB VAIO Edition plug-in (VAIO Image Optimizer) PMB VAIO Edition plug-in (VAIO Movie Story) Pokemon World Online version 1.83 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 ROBLOX Player Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Safari Sally's Salon Scan ScienceToLife DVD Security Update for Microsoft .NET Framework 4.5 (KB2729460) Security Update for Microsoft .NET Framework 4.5 (KB2737083) Security Update for Microsoft .NET Framework 4.5 (KB2742613) Security Update for Microsoft .NET Framework 4.5 (KB2789648) Security Update for Microsoft .NET Framework 4.5 (KB2804582) Security Update for Microsoft .NET Framework 4.5 (KB2833957) Security Update for Microsoft .NET Framework 4.5 (KB2840642) Security Update for Microsoft .NET Framework 4.5 (KB2840642v2) Security Update for Microsoft .NET Framework 4.5 (KB2861208) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Service Pack 3 for SQL Server 2008 (KB2546951) Setting Utility Series Shop for HP Supplies Shrek Forever After Silent Nights: The Pianist Collector's Edition SilvestriRN5e Simple Home Budget SmartWebPrinting SmartWi Connection Utility SolutionCenter Sony Home Network Library SPORE™ SpyroDriver SpyroPortalDriver Sql Server Customer Experience Improvement Program Status swMSM Symantec Technical Support Web Controls Synaptics Pointing Device Driver The Agency of Anomalies: Cinderstone Orphanage The Return of Monte Cristo TI Connect 1.6 Toolbox TrayApp Trend Micro Titanium Update for Microsoft .NET Framework 4.5 (KB2750147) Update for Microsoft .NET Framework 4.5 (KB2805221) Update for Microsoft .NET Framework 4.5 (KB2805226) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition VAIO Care VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Intelligent Network Service Manager VAIO Content Metadata Manager Settings VAIO Content Metadata XML Interface Library VAIO Content Monitoring Settings VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data VAIO Entertainment Platform VAIO Event Service VAIO Hardware Diagnostics VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO Messenger VAIO Movie Story Template Data VAIO OOBE and Startup Assistant VAIO Original Function Settings VAIO Personalization Manager VAIO Power Management VAIO Survey VAIO Transfer Support VAIO Update VAIO Wallpaper Contents VD64Inst Verizon V CAST Media Manager VU5x64 VU5x86 WebReg WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Wizard101 WolfQuest . ==== Event Viewer Messages From Past Week ======== . 1/31/2014 5:28:24 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105. 1/24/2014 3:39:06 AM, Error: Service Control Manager [7034] - The Oasis2Service service terminated unexpectedly. It has done this 1 time(s). 1/24/2014 3:21:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service. 1/24/2014 3:21:19 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 1/24/2014 3:20:28 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 1/24/2014 3:20:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. 1/24/2014 3:04:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 11 for Windows 7 for x64-based Systems. 1/24/2014 3:02:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 10 for Windows 7 for x64-based Systems. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.25.2 Run by Ann at 17:41:46 on 2014-01-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1486 [GMT -6:00] . AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\CISVC.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\VAIO Care\VAIOCareService.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\ATT-SST\pcTrayApp.exe C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Windows\system32\RunDll32.exe C:\Windows\system32\RunDll32.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe C:\Program Files\Sony\VAIO Update\VUAgent.exe C:\Windows\system32\wuauclt.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - <orphaned> BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ann\AppData\Local\DefineExt\temp.dat BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN25I5211W05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [Akamai NetSession Interface] "C:\Users\Ann\AppData\Local\Akamai\netsession_win.exe" uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [bYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: $talisma_url$ TCP: NameServer = 192.168.1.254 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2375942554635383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2375942554937353 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2427567737475627F57457563747 : DHCPNameServer = 4.2.2.2 4.2.2.3 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\35B697849676863507565646 : DHCPNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\64F485 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: VESWinlogon - VESWinlogon.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\ FF - prefs.js: browser.search.selectedEngine - KeyBar 1.12 Customized Web Search FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-8484f0d4199b4d0f\NPRobloxProxy.dll FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Ann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll FF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll FF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll FF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: !HIDDEN! 2011-02-11 09:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ---- FIREFOX POLICIES ---- FF - user.js: extensions.shownSelectionUI - true . . user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false); ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65776] R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 207904] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-16 55280] R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-11-25 25120] R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-12-17 28184] R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-3-1 440672] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-17 1038072] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-17 421704] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-17 78648] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-23 50344] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-23 113704] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-25 13336] R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-3-10 369152] R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-3-10 460288] R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-3-10 342528] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-25 93696] R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-25 76800] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-16 120104] R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-16 70952] R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-16 427304] R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-16 75048] R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-16 91432] R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-1-31 48128] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-16 104960] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-25 2314240] R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-16 480624] R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-16 361840] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-16 19968] R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-23 80184] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-25 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-25 151936] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-25 244736] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-25 62464] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-22 315664] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-19 6956032] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-25 11392] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-16 571248] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-2-10 1369136] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2009-10-15 36760] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856] S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-25 52264] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-25 35104] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128] S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328] S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-10-27 26112] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840] S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2011-1-27 167424] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-16 110960] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-26 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024] . =============== File Associations =============== . FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1 FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %* FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %* FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2014-01-24 05:03:59 -------- d-----w- C:\Program Files\iPod 2014-01-24 05:03:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-24 05:03:56 -------- d-----w- C:\Program Files\iTunes 2014-01-24 04:27:55 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2014-01-24 04:27:55 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe 2014-01-24 04:27:54 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2014-01-24 04:27:54 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2014-01-24 04:27:54 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll 2014-01-24 04:07:10 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys 2014-01-24 03:25:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-01-24 03:25:26 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-01-24 03:25:25 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-01-24 03:25:25 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-01-24 03:25:25 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-01-24 03:25:25 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-01-24 03:25:24 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-01-24 03:23:42 376768 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-01-24 02:56:11 -------- d-----w- C:\Users\Ann\AppData\Local\{538E7F2C-0678-495F-B4A0-857DC2C4277F} . ==================== Find3M ==================== . 2014-01-24 04:06:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2014-01-24 04:06:33 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-01-24 04:06:32 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2014-01-24 04:06:32 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-01-24 04:06:32 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2014-01-24 04:06:31 43152 ----a-w- C:\Windows\avastSS.scr 2014-01-24 04:06:16 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2014-01-24 04:06:07 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2013-12-29 03:58:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-29 03:58:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-19 13:11:26 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2013-12-19 13:11:24 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-05-10 21:09:02 4167680 ----a-w- C:\Program Files (x86)\GUTA57.tmp . ============= FINISH: 17:42:00.26 ===============

Results of screen317's Security Check version 0.99.79 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Webroot SecureAnywhere Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 13 Java version out of Date! Adobe Flash Player 11.9.900.170 Adobe Reader XI Mozilla Firefox (26.0) Google Chrome 32.0.1700.72 Google Chrome 32.0.1700.76 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````

looks good! Gorilla Price is no longer listed under add/remove programs, so I assume we got it!! thank you for all your help!

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.24.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Ann :: ANN-VAIOTOUCH [administrator] 1/24/2014 9:14:19 AM mbam-log-2014-01-24 (09-14-19).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 474492 Time elapsed: 1 hour(s), 1 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice (PUP.Optional.GorillaPrice) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice (PUP.Optional.GorillaPrice) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\ProgramData\GorillaPrice (PUP.Optional.GorillaPrice) -> Quarantined and deleted successfully. C:\Program Files (x86)\GorillaPrice (PUP.Optional.GorillaPrice) -> Quarantined and deleted successfully. Files Detected: 0 (No malicious items detected)

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.24.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Ann :: ANN-VAIOTOUCH [administrator] 1/24/2014 9:14:19 AM MBAM-log-2014-01-24 (10-30-56).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 474492 Time elapsed: 1 hour(s), 1 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice (PUP.Optional.GorillaPrice) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice (PUP.Optional.GorillaPrice) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0

# AdwCleaner v3.017 - Report created 24/01/2014 at 09:01:25 # Updated 12/01/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Ann - ANN-VAIOTOUCH # Running from : C:\Users\Ann\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\m2xatij3.default\prefs.js ] -\\ Google Chrome v32.0.1700.76 [ File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [951 octets] - [24/01/2014 08:55:41] AdwCleaner[s0].txt - [875 octets] - [24/01/2014 09:01:25] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [934 octets] ##########

i can't get Gorilla Price to uninstall, when I try it opens a new window on the web to download an uninstaller from them, which I don't think I should do?

Here it is.. RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : Ann [Admin rights] Mode : Scan -- Date : 01/24/2014 08:21:38 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD100H +++++ --- User --- [MBR] 0316d914febf7fe131a588e393e7d9c7 [bSP] f9bd7571a757fda1087c4da39b496c5d : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_01242014_082138.txt >>