wismommy Posted January 31, 2014 ID:785257 Share Posted January 31, 2014 my kids have taken over my laptop and I fear that I may have an infection of some sort....I would appreciate any help, thanks! here are the files as requested: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 1/25/2011 10:01:40 PMSystem Uptime: 1/31/2014 4:09:20 AM (13 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core i5 CPU M 430 @ 2.27GHz | N/A | 2267/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 457 GiB total, 312.595 GiB free.E: is RemovableF: is RemovableG: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4a9c2fa7-d63f-44c5-a247-bb3289a3739f}Description: Activision Xbox360 Spyro PortalDevice ID: ROOT\XBOX360USBDEVICE\0000Manufacturer: ActivisionName: Activision Xbox360 Spyro PortalPNP Device ID: ROOT\XBOX360USBDEVICE\0000Service: WinUSB.==== System Restore Points ===================.RP320: 12/28/2013 8:47:40 PM - Windows UpdateRP321: 12/29/2013 3:01:20 AM - Windows UpdateRP322: 1/23/2014 9:17:42 PM - avast! antivirus system restore pointRP323: 1/23/2014 9:41:35 PM - Removed Your Future In NursingRP324: 1/23/2014 9:43:26 PM - Removed Medcin Student EditionRP325: 1/23/2014 9:51:16 PM - Removed Medcin ServerRP326: 1/23/2014 9:51:35 PM - Removed Livescribe ConnectRP327: 1/23/2014 10:07:32 PM - Device Driver Package Install: Avast Network ServiceRP328: 1/23/2014 10:09:36 PM - Removed iTunesRP329: 1/23/2014 11:02:20 PM - Installed iTunesRP330: 1/24/2014 3:01:25 AM - Windows Update.==== Installed Programs ======================.3DVIA player 5.04400K41064 Bit HP CIO Components InstallerAbyss: The Wraiths of EdenAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6)Adobe Shockwave Player 12.0Amazon MP3 Downloader 1.0.12Angry BirdsApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft Magic-i Visual Effects 2ArcSoft WebCam Companion 3AT&T Troubleshoot & Resolve Toolavast! EasyPassavast! Internet SecurityAwakening: Moonfell WoodAwakening: The Dreamless CastleAwakening: The Goblin KingdomAwakening: The Skyward Castle Collector's EditionAwakening: The Sunhook Spire Collector's EditionBarbie In The 12 Dancing PrincessesBig Fish: Game ManagerBing BarBing Rewards Client InstallerBonjourBufferChmCompatibility Pack for the 2007 Office systemCopyCoupon Printer for WindowsD3DX10Define ExtDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDropboxElizabeth Find M.D. - Diagnosis MysteryeRegEuropean Mystery: Scent of Desire Collector’s EditionEvernote v. 4.5.8FeralHeart version 1.13ffdshow [rev 2527] [2008-12-19]Forbidden Secrets: Alien Town Collector's EditionGardenscapes: Mansion Makeover™Google ChromeGoogle DriveGoogle Earth Plug-inGoogle Update HelperGPBaseService2Hamster Free Video ConvertorHidden Mysteries®: The Fateful Voyage - TitanicHP Customer Participation Program 14.0HP Deskjet 3050A J611 series Basic Device SoftwareHP Deskjet 3050A J611 series HelpHP Deskjet 3050A J611 series Product Improvement StudyHP Imaging Device Functions 14.0HP Officejet 4400 K410 All-in-One Driver Software 14.0 Rel. 7HP Photo CreationsHP Product DetectionHP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPPhotoGadgetHPProductAssistantHPSSupplyiCloudIntel AppUp(SM) centerIntel PROSet WirelessIntel® Control CenterIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology DriverIntel® Wireless DisplayiTunesJava 7 Update 25Java Auto UpdaterJava 6 Update 39 (64-bit)JumpStart Advanced KindergartenJunk Mail filter updateLG Android DriversLG United Mobile DriversLG USB Modem driverLiveMath Plug-In & ActiveX 3.5.9 [u18] - August 2008LiveMath Viewer 3.5.9 [u18] - August 2008Logitech SetPoint 6.32Malwarebytes Anti-Malware version 1.75.0.1300MarketResearchMedia GalleryMicrosoft .NET Framework 4.5Microsoft Application Error ReportingMicrosoft Default ManagerMicrosoft IntelliPoint 8.0Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Click-to-Run 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2008Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support FilesMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server VSS WriterMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WorksMicrosoft XNA Framework Redistributable 4.0MobileMe Control PanelMozilla Firefox 26.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery Case Files®: Dire Grove™ Collector's EditionMystery Case Files®: Escape from Ravenhearst™Mystery Case Files: Madame Fate ®Mystery Case Files: Prime Suspects ™Mystery Case Files: Return to Ravenhearst ™Mystery Club Detective AcademyMystery Legends: The Phantom of the OperaMystery of the Ancients: Lockwood ManorMystery Trackers: Black Isle Collector's EditionNVIDIA DriversOasis2ServiceOJ_AIO_07_K410_SW_MinPaintTool SAI Ver.1PlayReady PC Runtime amd64plist Editor for Windows 1.0.2PMBPMB VAIO Edition GuidePMB VAIO Edition plug-in (Click to Disc)PMB VAIO Edition plug-in (VAIO Image Optimizer)PMB VAIO Edition plug-in (VAIO Movie Story)Pokemon World Online version 1.83QuickTimeRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1ROBLOX PlayerRoxio Central AudioRoxio Central CopyRoxio Central CoreRoxio Central DataRoxio Central ToolsRoxio Easy Media Creator 10 LJRoxio Easy Media Creator HomeSafariSally's SalonScanScienceToLife DVDSecurity Update for Microsoft .NET Framework 4.5 (KB2729460)Security Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Security Update for Microsoft .NET Framework 4.5 (KB2861208)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionService Pack 3 for SQL Server 2008 (KB2546951)Setting Utility SeriesShop for HP SuppliesShrek Forever AfterSilent Nights: The Pianist Collector's EditionSilvestriRN5eSimple Home BudgetSmartWebPrintingSmartWi Connection UtilitySolutionCenterSony Home Network LibrarySPORE™SpyroDriverSpyroPortalDriverSql Server Customer Experience Improvement ProgramStatusswMSMSymantec Technical Support Web ControlsSynaptics Pointing Device DriverThe Agency of Anomalies: Cinderstone OrphanageThe Return of Monte CristoTI Connect 1.6ToolboxTrayAppTrend Micro TitaniumUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionVAIO CareVAIO Content Metadata Intelligent Analyzing ManagerVAIO Content Metadata Intelligent Network Service ManagerVAIO Content Metadata Manager SettingsVAIO Content Metadata XML Interface LibraryVAIO Content Monitoring SettingsVAIO Control CenterVAIO Data Restore ToolVAIO DVD Menu DataVAIO Entertainment PlatformVAIO Event ServiceVAIO Hardware DiagnosticsVAIO Help and SupportVAIO Media plusVAIO Media plus Opening MovieVAIO MessengerVAIO Movie Story Template DataVAIO OOBE and Startup AssistantVAIO Original Function SettingsVAIO Personalization ManagerVAIO Power ManagementVAIO SurveyVAIO Transfer SupportVAIO UpdateVAIO Wallpaper ContentsVD64InstVerizon V CAST Media ManagerVU5x64VU5x86WebRegWIDCOMM Bluetooth SoftwareWindows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Player Firefox PluginWizard101WolfQuest.==== Event Viewer Messages From Past Week ========.1/31/2014 5:28:24 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.1/24/2014 3:39:06 AM, Error: Service Control Manager [7034] - The Oasis2Service service terminated unexpectedly. It has done this 1 time(s).1/24/2014 3:21:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.1/24/2014 3:21:19 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.1/24/2014 3:20:28 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.1/24/2014 3:20:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.1/24/2014 3:04:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 11 for Windows 7 for x64-based Systems.1/24/2014 3:02:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 10 for Windows 7 for x64-based Systems..==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.25.2Run by Ann at 17:41:46 on 2014-01-31Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1486 [GMT -6:00].AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files\AVAST Software\Avast\afwServ.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\system32\CISVC.EXEC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Common Files\Motive\pcCMService.exeC:\Program Files\Common Files\Motive\pcCMService.exeC:\Program Files (x86)\Common Files\Motive\pcServiceHost.exeC:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exeC:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exeC:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exeC:\Windows\SysWOW64\DllHost.exeC:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exeC:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Sony\VAIO Care\VAIOCareService.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files\ATT-SST\pcTrayApp.exeC:\Program Files (x86)\Sony\Media Gallery\ElbServer.exeC:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exeC:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files\Sony\VAIO Power Management\SPMService.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exeC:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exeC:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Windows\system32\RunDll32.exeC:\Windows\system32\RunDll32.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exeC:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exeC:\Program Files\Sony\VAIO Care\VCsystray.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exeC:\Program Files (x86)\Real\RealPlayer\update\realsched.exeC:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exeC:\Program Files\Sony\VAIO Update\VAIOUpdt.exeC:\Program Files\Sony\VAIO Update\VUAgent.exeC:\Windows\system32\wuauclt.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - <orphaned>BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ann\AppData\Local\DefineExt\temp.datBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /StayuRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeuRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeuRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeuRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeuRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN25I5211W05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"uRun: [Akamai NetSession Interface] "C:\Users\Ann\AppData\Local\Akamai\netsession_win.exe"uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activexmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartupmRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exemRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exemRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [bYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exemRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguimRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"StartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeStartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXEStartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exeStartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exeStartupFolder: C:\Users\Ann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTrusted Zone: $talisma_url$TCP: NameServer = 192.168.1.254TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2} : DHCPNameServer = 192.168.1.254TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2375942554635383 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2375942554937353 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2427567737475627F57457563747 : DHCPNameServer = 4.2.2.2 4.2.2.3TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\35B697849676863507565646 : DHCPNameServer = 208.67.222.222 208.67.220.220TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\64F485 : DHCPNameServer = 192.168.1.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllNotify: VESWinlogon - VESWinlogon.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Trayx64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingx64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\FF - prefs.js: browser.search.selectedEngine - KeyBar 1.12 Customized Web SearchFF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Roblox\Versions\version-8484f0d4199b4d0f\NPRobloxProxy.dllFF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\Ann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dllFF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dllFF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dllFF - plugin: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\b58rvzga.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: !HIDDEN! 2011-02-11 09:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.---- FIREFOX POLICIES ----FF - user.js: extensions.shownSelectionUI - true..user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);============= SERVICES / DRIVERS ===============.R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65776]R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 207904]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-16 55280]R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-11-25 25120]R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-12-17 28184]R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-3-1 440672]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-17 1038072]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-17 421704]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-17 78648]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-23 50344]R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-23 113704]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-25 13336]R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-3-10 369152]R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-3-10 460288]R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-3-10 342528]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-25 93696]R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-25 76800]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-16 120104]R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-16 70952]R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-16 427304]R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-16 75048]R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-16 91432]R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-1-31 48128]R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-16 104960]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-25 2314240]R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-16 480624]R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-16 361840]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-16 19968]R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-23 80184]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-25 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-25 151936]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-25 244736]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-25 62464]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-22 315664]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-19 6956032]R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-25 11392]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-16 571248]R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-2-10 1369136]R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2009-10-15 36760]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-25 52264]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-25 35104]S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-10-27 26112]S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2011-1-27 167424]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-16 110960]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-26 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024].=============== File Associations ===============.FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*.=============== Created Last 30 ================.2014-01-24 05:03:59 -------- d-----w- C:\Program Files\iPod2014-01-24 05:03:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-01-24 05:03:56 -------- d-----w- C:\Program Files\iTunes2014-01-24 04:27:55 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll2014-01-24 04:27:55 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe2014-01-24 04:27:54 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll2014-01-24 04:27:54 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2014-01-24 04:27:54 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll2014-01-24 04:07:10 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys2014-01-24 03:25:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-24 03:25:26 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-24 03:25:25 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-24 03:25:25 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-24 03:25:25 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-24 03:25:25 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-24 03:25:24 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-24 03:23:42 376768 ----a-w- C:\Windows\System32\drivers\netio.sys2014-01-24 02:56:11 -------- d-----w- C:\Users\Ann\AppData\Local\{538E7F2C-0678-495F-B4A0-857DC2C4277F}.==================== Find3M ====================.2014-01-24 04:06:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2014-01-24 04:06:33 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2014-01-24 04:06:32 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2014-01-24 04:06:32 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2014-01-24 04:06:32 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2014-01-24 04:06:31 43152 ----a-w- C:\Windows\avastSS.scr2014-01-24 04:06:16 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys2014-01-24 04:06:07 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys2013-12-29 03:58:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-29 03:58:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-12-19 13:11:26 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys2013-12-19 13:11:24 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-05-10 21:09:02 4167680 ----a-w- C:\Program Files (x86)\GUTA57.tmp.============= FINISH: 17:42:00.26 =============== Link to post Share on other sites More sharing options...
MrCharlie Posted February 2, 2014 ID:785684 Share Posted February 2, 2014 Welcome to the forum. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running, please create a new restore point Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
MrCharlie Posted February 4, 2014 ID:786638 Share Posted February 4, 2014 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
wismommy Posted February 4, 2014 Author ID:786672 Share Posted February 4, 2014 I didn't see this reply until now I will run this today Link to post Share on other sites More sharing options...
wismommy Posted February 4, 2014 Author ID:786774 Share Posted February 4, 2014 the link for roue killer for 64 bit doesn't work?? Link to post Share on other sites More sharing options...
wismommy Posted February 4, 2014 Author ID:786794 Share Posted February 4, 2014 ok i downloaded from their site (bleepincomputer) does it usually take a long time for it to "check processes" before it will allow me to start to scan? it has been stuck on "Search filter host.exe" for a long time. and it also says " KILLED [TermProc] down under the "status" field...please advise Link to post Share on other sites More sharing options...
wismommy Posted February 4, 2014 Author ID:786824 Share Posted February 4, 2014 ok i ran RK in safe mode, here is the report: RogueKiller V8.8.5 [Feb 3 2014] by Tigzymail : tigzyRK<at>gmail<dot>comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Safe modeUser : Ann [Admin rights]Mode : Scan -- Date : 02/04/2014 15:53:30| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 7 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [7]) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Browser Addons : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][Folder] U : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\U [-] --> FOUND[ZeroAccess][Folder] L : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\L [-] --> FOUND¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5055GSX +++++--- User ---[MBR] cabfa7fedb674dd5b1317e04b35a68a3[bSP] ce5d6e2a0702a1f2d7419115ce7e7b59 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8832 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 18092032 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18296832 | Size: 468005 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_02042014_155330.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted February 4, 2014 ID:786846 Share Posted February 4, 2014 Based on what I see in the logs.... Please read the following information first. You're infected with Rootkit.ZeroAccess, a BackDoor Trojan. BACKDOOR WARNING ------------------------------ One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451 When Should I Format, How Should I Reinstall http://www.dslreports.com/faq/10063 I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards. I would change all my passwords and keep a close eye on all your sensitive accounts. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps. ----------------------------------------- Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?) FRST <----for 32 bit systems FRST64 <----for 64 bit systemsDouble-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.If the logs are large, you can attach them: To attach a log: Bottom right corner of this page. New window that comes up. MrC Link to post Share on other sites More sharing options...
wismommy Posted February 4, 2014 Author ID:786849 Share Posted February 4, 2014 Should I do a reinstall of the system before I follow your steps above? Link to post Share on other sites More sharing options...
MrCharlie Posted February 4, 2014 ID:786852 Share Posted February 4, 2014 Well if you do a format and re-install you're done with me....you have a clean system. But if you would rather clean the system run FRST. MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 10, 2014 Root Admin ID:788975 Share Posted February 10, 2014 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts