Would like to have my Sony VAIO (2010 laptop) checked

Started by JDBush61, March 27, 2014, 03:02:36 AM

JDBush61

Hi Corrine, as I posted in my last reply, I would like to have someone look at the log files created for my Sony to see what, if anything, is amiss (viruses, trojans, spyware, work-related monitoring, etc.). I've been experiencing boot up problems over the past few months that I work around via a hard shut-down and re-boot. So, something is not right.

Below, please find the two logs that I created using DDS.scr from sUBs. However, when I tried to download the Security Check from the screen317 link, it was denied and the message shown below claiming it is a virus appeared in a new window. Not sure if my university has some type of filtering to block that file, or if the file is actually corrupted. Advice please!

John


"Virus Download Blocked

Download of the virus has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

File name: SecurityCheck.exe"


Here are the DDS.txt and Attach.txt logs:

___________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Administrator Bush at 11:41:23 on 2014-03-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2025 [GMT 9:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://sony.msn.com
uProxyServer = cache.kpu-m.ac.jp:3128
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.logging.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: NameServer = 172.16.130.1 172.16.130.8
TCP: Interfaces\{8B2AE300-2433-4536-A446-71F6F6147159} : DHCPNameServer = 192.168.131.1 163.139.21.197 163.139.230.164 210.196.191.66
TCP: Interfaces\{DA0A0532-503B-470A-A8C8-4526E107F05C} : DHCPNameServer = 172.16.130.1 172.16.130.8
TCP: Interfaces\{DA0A0532-503B-470A-A8C8-4526E107F05C}\642554543505F44533 : DHCPNameServer = 143.90.130.165 143.90.130.39
TCP: Interfaces\{DA0A0532-503B-470A-A8C8-4526E107F05C}\D656469616E69687 : DHCPNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-1 55280]
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-11-27 25120]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys [2014-3-21 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys [2014-3-21 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-19 1525976]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys [2014-3-21 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140324.002\IDSviA64.sys [2014-3-26 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys [2014-3-21 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys [2014-3-21 593112]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-27 13336]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe [2014-3-21 265040]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-2-12 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-3-24 1141336]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-2-12 23552]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-27 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-27 76800]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-29 414496]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-1 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-27 2314240]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-9-7 845312]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-1 19968]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-27 151936]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-15 111216]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-16 6952960]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-27 11392]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-9-23 289952]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-1 571248]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-21 1369136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-27 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-27 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-27 244736]
S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\SONY\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-3 138392]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-3 74904]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-9-8 381488]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-26 14:24:53   --------   d-----w-   C:\Program Files\CCleaner
2014-03-24 02:26:53   --------   d-----w-   C:\Users\Administrator Bush\AppData\Roaming\RealNetworks
2014-03-24 02:26:17   --------   d-----w-   C:\ProgramData\RealNetworks
2014-03-24 02:25:47   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2014-03-24 02:25:13   505416   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2014-03-24 02:25:13   353864   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2014-03-24 02:12:11   33240   ----a-w-   C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-03-24 02:03:45   125872   ----a-w-   C:\Windows\System32\GEARAspi64.dll
2014-03-24 02:03:45   106928   ----a-w-   C:\Windows\SysWow64\GEARAspi.dll
2014-03-24 01:38:40   --------   d-----w-   C:\Windows\SysWow64\Adobe
2014-03-24 01:06:50   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-24 01:06:50   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-24 01:06:50   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-24 01:06:50   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-24 01:06:50   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-21 02:10:12   875736   ----a-w-   C:\Windows\System32\drivers\N360x64\1502000.026\srtsp64.sys
2014-03-21 02:10:12   593112   ----a-w-   C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys
2014-03-21 02:10:12   493656   ----a-r-   C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys
2014-03-21 02:10:12   36952   ----a-r-   C:\Windows\System32\drivers\N360x64\1502000.026\srtspx64.sys
2014-03-21 02:10:12   264280   ----a-r-   C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys
2014-03-21 02:10:12   23568   ----a-r-   C:\Windows\System32\drivers\N360x64\1502000.026\symelam.sys
2014-03-21 02:10:12   162392   ----a-r-   C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys
2014-03-21 02:10:12   1148120   ----a-w-   C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys
2014-03-21 02:09:48   --------   d-----w-   C:\Windows\System32\drivers\N360x64\1502000.026
2014-03-12 21:42:59   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-03-12 21:42:59   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-03-12 21:42:59   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-03-12 21:42:59   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-01 00:45:08   6574592   ----a-w-   C:\Windows\System32\mstscax.dll
2014-03-01 00:45:08   5694464   ----a-w-   C:\Windows\SysWow64\mstscax.dll
.
==================== Find3M  ====================
.
2014-03-14 16:44:08   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 16:44:08   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33   5768704   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11   2041856   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15   4244480   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-01 03:00:08   1964032   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2014-01-29 02:32:18   484864   ----a-w-   C:\Windows\System32\wer.dll
2014-01-29 02:06:47   381440   ----a-w-   C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46   228864   ----a-w-   C:\Windows\System32\wwansvc.dll
2014-01-17 07:24:12   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 07:24:12   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:41:57.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2010 12:13:48 PM
System Uptime: 3/27/2014 9:22:32 AM (2 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel(R) Core(TM) i5 CPU       M 520  @ 2.40GHz | N/A | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 186.495 GiB free.
D: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7930H_________________1.V0____\4&F3EE9FB&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: Optiarc DVD RW AD-7930H
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7930H_________________1.V0____\4&F3EE9FB&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
RP422: 3/9/2014 12:20:53 PM - Scheduled Checkpoint
RP423: 3/13/2014 3:57:46 PM - Windows Update
RP424: 3/21/2014 4:56:40 AM - Scheduled Checkpoint
RP425: 3/23/2014 10:36:58 AM - Windows Backup
RP426: 3/24/2014 11:01:59 AM - Removed iTunes
RP427: 3/24/2014 11:10:34 AM - Installed iTunes
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activate Norton Online Backup
Adobe Acrobat XI Pro
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.1
AmpliTube 3 version 3.10.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
Audacity 2.0.3
Bonjour
BUFFALO ƒuƒ[ƒhƒXƒe[ƒVƒ‡ƒ" IPÝ'胆[ƒeƒBƒŠƒeƒB
CCleaner
Custom Shop version 1.1.0
D3DX10
Documents To Go Desktop for iPhone
Google Earth
Google Update Helper
iCloud
IK Multimedia Authorization Manager version 1.0.9
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Media Gallery
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Norton 360
NVIDIA 3D Vision Driver 327.02
NVIDIA Control Panel 327.02
NVIDIA Graphics Driver 327.02
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.14.17
NVIDIA Update Components
PlayMemories Home Plug-in
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program
PMB
PMB VAIO Edition Guide
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Remote Keyboard
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Setting Utility Series
Setup_msm_VCMS_x64
Setup_msm_VOFS_x64
Setup_VEP_x64
SmartSound Quicktracks for Premiere Elements 8.0
SOHLib Merge Module
Sony Home Network Library
SQLite_3_7_8_x64
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UpdateService
VAIO - Media Gallery
VAIO - PlayMemories Home Plug-in
VAIO - PMB VAIO Edition Guide
VAIO - Remote Keyboard
VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Personalization Manager
VAIO Platform Update Program
VAIO Power Management
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VGClientX64
VGClientX86
VU5x64
VU5x86
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
3/27/2014 9:42:27 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ïaÉFDYNABOOK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DA0A0532-503B-470A-A8C8-4526E107F05C}. The master browser is stopping or an election is being forced.
3/27/2014 9:35:56 AM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
3/27/2014 9:19:35 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
3/27/2014 9:19:31 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
3/27/2014 9:19:28 AM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  The system cannot find the file specified.
3/25/2014 9:10:11 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
3/25/2014 9:10:11 AM, Error: Service Control Manager [7000]  - The Intel(R) Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/23/2014 1:54:42 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
3/23/2014 1:52:10 PM, Error: Service Control Manager [7022]  - The Intel(R) Management & Security Application User Notification Service service hung on starting.
3/23/2014 1:49:48 PM, Error: Service Control Manager [7022]  - The VAIO Care Performance Service service hung on starting.
3/20/2014 3:48:55 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/20/2014 3:48:55 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
3/20/2014 3:48:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Corrine

Hi, John. 

SecurityCheck isn't a virus but, as you indicated, probably blocked by your university.  We can proceed without it. 

1.  Unless you specifically know it to be otherwise, the first thing I recommend is uninstalling "BUFFALO ƒuƒ[ƒhƒXƒe[ƒVƒ‡ƒ" IPÝ'胆[ƒeƒBƒŠƒeƒB" since it is identified as a scam by WOT. 

2.  Update Adobe Products, which have had critical security updates: 

The current version of Adobe Reader is 11.0.06, available from here:  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
The newest version of Adobe Shockwave Player is 12.1.0.150, available here: http://get.adobe.com/shockwave/
Adobe Air has been updated to version 4.0 and is available here:  http://get.adobe.com/air/
As usual, with Adobe updates, watch for any pre-checked add-ons not needed for the update.

3.  Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

JDBush61

Hi Corrine,

I uninstalled (I think I did!) the BUFFALO program. Not sure, actually, because when I did the uninstall from the programs window there suddenly was some very funky (unreadable) script in the pop-up boxes. I clicked the one that I supposed said "yes" for remove software, yet the program might still be hiding on my machine somewhere. That pop-up box looked very "VIRUS!", yet I clicked anyway. Maybe I shouldn't have. Anyway, BUFFALO doesn't show up now in the installed programs window.

Very little time right now, yet I will follow the rest of your instructions tomorrow regarding Adobe and ComboFix.

Best wishes,

John

Corrine

No hurry, John.  If I'm not here or busy when you post the log, I'll be sure to catch up later.  Have a nice evening.



JDBush61

Hi Corrine,

I had some free time here at the office, so I decided to do the tasks you recommended.

First, I went to the link for Adobe Reader and tried to download 11.0.06, yet a window popped up and said I do not have the program, or unsuccessful download, or something, I forget now. So I tried to update Adobe Reader (I have Adobe Reader X 10.1.9 installed) after opening the program itself, and from the program it stated no updates available. Thus, kind of at a loss on this.

I did download and install Shockwave Player 12.1.0.150, as you suggested, and I think that it downloaded fine. As far as Adobe AIR, I think I already have the current version installed (version 4.0.0.1390).

I went to do ComboFix as requested. I saved the file to my desktop, then I disabled my Norton firewall and Antivirus Auto-Protect (as instructed in the link you provided on how to disable Norton). I then closed all windows and tried to make sure no programs were open. Then, I double-clicked the ComboFix file and a window popped up stating "Your Norton is still doing scan" (or something to that effect), so I clicked "ok", because I was next going to try and see what was still running on Norton. Then another screen popped up stating "Norton still scanning ... proceed at your own risk!" I then did a big "gulp", and quickly right-clicked on the little Norton icon in the bottom tray to try and see what the heck was still running, and the only other option that I saw was to "Turn on silent mode" (which prevents background activities from running; I set it to 4 hours).

Then I clicked "ok" in the ComboFix pop-up box that instructed me to proceed at my own peril (ahaha), and ComboFix began scanning. What I didn't expect was for the Bill P Scotty Dog window to pop up asking me if it is OK to let a program run (I should have thought about WinPatrol before starting ComboFix, I guess), and I just clicked "allow" whenever asked.

ComboFix scanned and ran until "Completed Stage_50". Then it said "Deleting Files: C:\Windows\msvcr71.dll" (no idea what that file is). Then it stated "Preparing Log Report" (which after about 10 minutes it completed, and the log appeared in Notepad. I saved it to my desktop, and am copying the contents below).

Then, I had no idea if ComboFix was finished, or not, but I did notice that some of the little icons in the bottom tray had disappeared. Thus, I waited a few minutes, and "Restarted" my VAIO. All the normal icons in the tray appeared, and everything seemed normal.
SIDE NOTE: My desktop never went blank, and it did not appear that ComboFix ever "rebooted" my machine.

Anyway, now I seem to have a problem. When I start Internet Explorer, it will not allow me to navigate to Yahoo (my normal start page) or Google. It just hangs, and the pages are white and blank. When I try the Yahoo and Google bookmarks it states "Navigation Canceled". It will, however, allow me to come here to Lanzdown (as well as other bookmarks such as Wikipedia).

So, what do you think happened to my browser's default Yahoo, and Google also, for that matter? Did I do something wrong during the ComboFix?

Here is the ComboFix log. Please help:

ComboFix 14-03-24.01 - Administrator Bush 03/28/2014   9:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2250 [GMT 9:00]
Running from: c:\users\Administrator Bush\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-28  )))))))))))))))))))))))))))))))
.
.
2014-03-28 00:52 . 2014-03-28 00:52   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2014-03-28 00:52 . 2014-03-28 00:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-03-26 14:24 . 2014-03-26 14:24   --------   d-----w-   c:\program files\CCleaner
2014-03-24 02:26 . 2014-03-24 02:26   --------   d-----w-   c:\users\Administrator Bush\AppData\Roaming\RealNetworks
2014-03-24 02:26 . 2014-03-24 02:26   --------   d-----w-   c:\programdata\RealNetworks
2014-03-24 02:25 . 2014-03-24 02:25   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2014-03-24 02:25 . 2014-03-24 02:25   505416   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2014-03-24 02:25 . 2014-03-24 02:25   353864   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2014-03-24 02:12 . 2012-08-21 04:01   33240   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-24 02:03 . 2012-08-21 04:01   125872   ----a-w-   c:\windows\system32\GEARAspi64.dll
2014-03-24 02:03 . 2012-08-21 04:01   106928   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
2014-03-24 01:38 . 2014-03-24 01:38   --------   d-----w-   c:\windows\SysWow64\Adobe
2014-03-24 01:06 . 2014-03-24 01:06   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-24 01:06 . 2014-03-24 01:06   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-24 01:06 . 2014-03-24 01:06   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-24 01:06 . 2014-03-24 01:06   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-24 01:06 . 2014-03-24 01:06   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-21 02:09 . 2014-03-27 23:17   --------   d-----w-   c:\windows\system32\drivers\N360x64\1502000.026
2014-03-12 21:42 . 2014-02-04 02:32   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2014-03-12 21:42 . 2014-02-04 02:32   624128   ----a-w-   c:\windows\system32\qedit.dll
2014-03-12 21:42 . 2014-02-04 02:04   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 21:42 . 2014-02-04 02:04   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
2014-03-01 00:45 . 2014-01-09 02:22   5694464   ----a-w-   c:\windows\SysWow64\mstscax.dll
2014-03-01 00:45 . 2014-01-03 22:44   6574592   ----a-w-   c:\windows\system32\mstscax.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-14 16:44 . 2012-04-03 01:29   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 16:44 . 2011-06-06 05:52   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 07:00 . 2010-04-30 03:40   90015360   ----a-w-   c:\windows\system32\MRT.exe
2014-01-17 07:24 . 2014-01-17 07:24   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 07:24 . 2014-01-17 07:24   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-03-22 527936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-20 152392]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-03-24 296520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
R3 aswArKrn;aswArKrn;c:\users\ADMINI~1\AppData\Local\Temp\aswArKrn.sys;c:\users\ADMINI~1\AppData\Local\Temp\aswArKrn.sys
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMEFA64.SYS
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\ccSetx64.sys
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IDSvia64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\Ironx64.SYS
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1502000.026\SYMNETS.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:44]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 06:07]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 06:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.130.1 172.16.130.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3} - c:\program files (x86)\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.2.0.38;c:\program files (x86)\Norton 360\Engine64\21.2.0.38"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-03-28  10:08:11
    ComboFix-quarantined-files.txt  2014-03-28 01:08
    .
    Pre-Run: 203,567,501,312 bytes free
    Post-Run: 203,011,981,312 bytes free
    .
    - - End Of File - - 7AD086AAEB2ADCAFC0F658C6415F7A32


"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

JDBush61

Well, my problems keep getting bigger since I ran ComboFix. I am typing this message from my iPhone, as now I cannot connect to anywhere using the IE browser on my laptop.

Something is very wrong, yet I have no idea how to fix the browser problem.
Maybe many more things wrong with the laptop post ComboFix.

One strange message that popped up said the following:

"Windows has detected an IP address conflict

Another computer on this network has the same IP address as this computer. Contact your system administrator for help resolving this issue. More details are available in the Windows System event log"

This is all very new, and very strange.

Really hoping that someone here can soon help me resolve these issues.

Much thanks in advance!

John

Corrine

Hi, John.

It appears that ComboFix may have mistaken the legitimate msvcr71.exe for a backdoor trojan which creates files with the name msvcr71.exe, but in a different folder.  Please do the following:

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


DeQuarantine::
C:\Qoobox\Quarantine\c\windows\msvcr71.dll.vir
Quit::




  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Wait for ComboFix to complete.  If it does not restart your computer, please do so and, of course, let me know the status of your computer. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
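
Before a quarantined file is released with a DeQuarantine script like the one in the post above, a helper can inventory the quarantine folder and record each file's original location and SHA-256, so the file can be checked against a known-good copy first. The Python below is an added example, not part of the thread or of ComboFix; the folder layout is inferred from the single quarantine path quoted in the post, and the function names and the known-good hash set are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

SUFFIX = ".vir"  # suffix on the quarantined file named in the post


def _rebuild(parts):
    r"""(<drive letter>, dir, ..., name.vir) -> '<drive>:\dir\...\name'."""
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        raise ValueError("not in the assumed <drive letter>\\<path> layout")
    *dirs, name = parts[1:]
    if name.lower().endswith(SUFFIX):
        name = name[: -len(SUFFIX)]
    return str(PureWindowsPath(parts[0] + ":\\", *dirs, name))


def original_path(quarantined):
    r"""Map e.g. C:\Qoobox\Quarantine\c\windows\x.dll.vir to c:\windows\x.dll."""
    parts = PureWindowsPath(quarantined).parts
    lowered = [p.lower() for p in parts]
    if "quarantine" not in lowered:
        raise ValueError("no Quarantine folder in path")
    return _rebuild(parts[lowered.index("quarantine") + 1:])


def inventory(quarantine_root, known_good=frozenset()):
    """List every file under the quarantine folder with origin, hash, verdict.

    known_good: SHA-256 hex digests of trusted copies (hypothetical input,
    for example hashes taken from the same file on a clean machine).
    """
    root = Path(quarantine_root)
    rows = []
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        try:
            origin = _rebuild(f.relative_to(root).parts)
        except ValueError:
            origin = None  # file does not follow the assumed layout
        digest = hashlib.sha256(f.read_bytes()).hexdigest()
        verdict = "matches known-good copy" if digest in known_good else "unverified"
        rows.append({"file": f.name, "original": origin,
                     "sha256": digest, "verdict": verdict})
    return rows


if __name__ == "__main__":
    # Constructed sample tree; the file content is a stand-in, not a real DLL.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Quarantine"
        sample = root / "c" / "windows" / "msvcr71.dll.vir"
        sample.parent.mkdir(parents=True)
        sample.write_bytes(b"constructed sample bytes")
        trusted = {hashlib.sha256(b"constructed sample bytes").hexdigest()}
        for row in inventory(root, trusted):
            print(row["original"], row["sha256"][:16], row["verdict"])
```

An "unverified" row means only that the hash was not in the supplied set; it says nothing about whether the file is malicious.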

JDBush61

Hi Corrine, thanks for your prompt reply.

First, I am still typing from my iPhone, as the browser on my laptop has lost its functionality. I can connect to the Internet, read and send e-mails from Outlook, and in general, everything else on my computer appears to be fine. However, when I click the IE icon a browser appears, yet it won't do anything; i.e., it is set to http://www.yahoo.com and the page appears, yet when I click on any link on the yahoo page nothing happens, and it doesn't allow me to go anywhere. I've tried typing Landzdown in the yahoo search window and yahoo does the search and brings up the search results, yet when I click on any of those results a new tab appears that is blank and remains blank.

So, can we somehow first fix my browser and make it functional again? I don't have any way to go to Landzdown and copy and paste the script for notepad. And, I no longer have the ComboFix file on my desktop, as I trashed it yesterday after it finished its job thinking I wouldn't need it again.

What should I do?

John

JDBush61

I should also add that when my browser stopped working yesterday post ComboFix, I noticed that it was set to "hsrd.yahoo.com". So I messed around trying to reset the start page to "http://www.yahoo.com", but it wanted to be "https", not "http".

Obviously, and even after 20 years surfing around, I'm not tech savvy.
I have a feeling that browser problem is just a simple fix, but maybe the deletion of msvcr71 by ComboFix is causing the problem with the lack of browser functionality?


Corrine

Ummm, by "trashing" ComboFix, I hope you mean that you deleted it from your desktop and did not delete the other files in the event they are needed.  However, since ComboFix creates a restore point before running, let's return your computer to the state prior to the CF run.

  • Close all open programs.
  • Click Start > All Programs > Accessories > System Tools > System Restore.
  • Wait while the "Restore system files and settings" window opens.
  • Click "Choose a different restore point" and click "Next".
  • When the restore points load, select the point that is before running ComboFix, which would be PRIOR to the completion time of 10:08.
  • Click "Yes" in the confirmation message that appears.
  • Do not interfere with your computer during the operation.  Your computer will automatically restart to complete the restore.



JDBush61

Hi Corrine,

Thanks so much! Now typing to you from my laptop. I did the system restore as requested, and it ran very smoothly and quickly. I restored to the point prior to 10:08. Everything seems to be running fine again. To answer your question, yesterday I only dragged the ComboFix file sitting on the desktop to the trash and deleted it. Nothing else. Now, post system restore, the ComboFix file has reappeared on the desktop.

So, where do we proceed from here? I assume that after the system restore "msvcr.71.exe" is now re-installed? Do you think that it might actually be a backdoor Trojan, and not the true dll? If so, that worries me.

Regardless, I await your suggestions as to what I should do next.

John

Corrine

I don't believe it is a backdoor Trojan.  However, let's do an online scan with ESET.  The scan may take a while.  Please note the instructions to be sure the option to remove threats is unchecked.  I want to see any findings by ESET prior to removal.

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.



JDBush61

Hi Corrine, yesterday ran the ESET online scanner, yet I had to leave my home before the scan finished. When I came home, an ESET window stated that the scan had finished and no threats/viruses were found. However, try as I might, I cannot find the ESET log that you requested. Have looked through C:\Program Files and there is nothing Eset related. Opened Notepad, and the same results.

John

Corrine

Hi, John.

As long as ESET didn't find anything, that confirms that it was a f/p so no worries about a back door.

When you use CCleaner, do not run the registry cleaner part.  It really will not do anything to speed up your computer. 

One thing you can do is run Temp File Cleaner when you notice your computer is getting sluggish.  Instructions and information:

Download TFC by Old Timer from here (direct download):  http://www.itxassociates.com/OT-Tools/TFC.exe

  • First, save any files as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.



JDBush61

Hi Corrine. Thanks. I'm glad that there is not a backdoor intrusion. What's an "f/p"?

I downloaded the TFC file to my desktop, and then ran it as instructed. The first time I clicked start, a "blue screen" (white letters) suddenly appeared telling me that my laptop needs to do an emergency shutdown, which it did. Not sure why that happened. Then the black reboot screen (white letters) gave me the option to "start normally", which I did. I hesitated for a moment, and then decided to try TFC one more time. This time the program appeared to run and it removed files. When finished, it gave me no prompt to reboot. I closed the windows and rebooted anyway.

Is there anything that I should do now?

John