Solved Seeing *32 in my task manager?

[GambitX]

Thank you for bringing the Spyad problem to my attention. Zoned Out is a similar program, but it does not appear to be compatible with Windows 7- yet. It has been brought current for IE8 but only through Vista.
FYI:


Please stop adding these program for a bit and let me try to handle one question at a time! Fan running means heat. You have a lot running. Power down and let system chill out.

Sorry Bobbye !! Didn't mean to bombard you. I have downloaded Avila, Comodo and Spywareblaster. I will get rid of the Zoned Out program. Thanks so much!

Will power down now and wait for next step. Thanks a lot.

 

[GambitX]

Going to do the scan now. I don't have any apps running from a USB drive, the only thing I use my USB for was to save my resume.

How do I remove Java? UNder remove programs under control panel I see:

Java (TM) 6 Update 15 (64-bit)
Java (TM) 6 Update 21
Java (TM) SE Development kit 6 Update 15 (64-bit)

I have deleted the ZonedOut program and my fan seems to be running normally again.

Sorry to repeat this but I forgot to ask you about this too. You had mentioned I had too many Java programs and to uninstall the ones not needed. These are the three I see on the program list under "uninstall programs". I have not done anything with Java yet. I didn't want to miss a step so how do I remove the ones not needed? Thanks a lot Bobbye!

 

[Bobbye]

You always only need the most current Java on the system. Right now, that is v6u21. According to the Java Update site:

If you are using: 32-bit and 64-bit IE, you need to download both 32-bit and 64-bit Java respectively

Please note that the 64-bit Java is presented as a download option automatically for 64-bit Internet Explorer users, as it is the only officially available 64-bit browser for Windows.

You currently have this:
Java (TM) 6 Update 15 (64-bit)
Java (TM) 6 Update 21
Java (TM) SE Development kit 6 Update 15 (64-bit)

I would suggest that you run this program which will remove all of the Java entries. Then go to the update site, do the scan and download the appropriate 32 and 64 for Java v6u21.
Please download JavaRa and unzip it to your desktop.
Important!
***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.

Then download and install then most current version and update of Java Runtime Environment (JRE) HERE.
======================================
I will have one more step for you to remove the cleaning tools.

 

[GambitX]

Great, thanks Bobbye. Step is complete and I think I have installed everything correctly as instructed. Going to do a double check to make sure.

Question for you: You had mentioned earlier that you think that the fake virus scan or whatever it was that popped up on my screen had: "I think what happened is that the malware may have damaged your permissions to run in 64 bit. I don't know that for sure- I'm waiting to hear on that. But I am wondering where that pop-up went or just what it was. " What did that mean and is there a fix for that?

Thanks so much for your help.

 

[Bobbye]

I don't have an answer for that yet. You did not mention having any problem running any of the programs showing the *32. Since they have versions that can be run in either 32 or 64 bit, I don't know if this is a problem.

You can use CleanUp in OTL feature to remove all or most of the programs we've used in cleaning.

• Double click OTL.exe.
• Click the CleanUp button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Creating a Restore Point in Windows 7:

• Click on Start> right click on Computer> Properties
• Select System Protection
• Click on the Create button (near bottom)
• Type a name for the Restore Point
• Click on Create again to save the restore point.
  
  Deleting all but the most recent System Protection point in Windows
  7
• Click Start, type Cleanmgr.exe and press ENTER
• Select the drive-letter from the list and click OK
• Click Clean up system files
  This restarts Disk Cleanup to run in elevated mode.
• Select the drive-letter from the list and click OK
• Click the More Options tab
  
  
• Click the Clean up… button under System Restore and Shadow Copies.
• Click OK.

 

[GambitX]

Great, thanks Bobbye. Step is complete and I think I have installed everything correctly as instructed. Going to do a double check to make sure.

Question for you: You had mentioned earlier that you think that the fake virus scan or whatever it was that popped up on my screen had: "I think what happened is that the malware may have damaged your permissions to run in 64 bit. I don't know that for sure- I'm waiting to hear on that. But I am wondering where that pop-up went or just what it was. " What did that mean and is there a fix for that?

Thanks so much for your help.

Bobbye,

In regards to the Java, the three programs on my "uninstall list" didn't change. All 3 remain. When I did the removal, nothing was removed and everything was verfied via the link you provided saying that I was up to date. Since I have to have both 32 and 64 bit versions, is having all 3 programs normal?

 

[GambitX]

I don't have an answer for that yet. You did not mention having any problem running any of the programs showing the *32. Since they have versions that can be run in either 32 or 64 bit, I don't know if this is a problem.

You can use CleanUp in OTL feature to remove all or most of the programs we've used in cleaning.

• Double click OTL.exe.
• Click the CleanUp button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Creating a Restore Point in Windows 7:

• Click on Start> right click on Computer> Properties
• Select System Protection
• Click on the Create button (near bottom)
• Type a name for the Restore Point
• Click on Create again to save the restore point.
  
  Deleting all but the most recent System Protection point in Windows
  7
• Click Start, type Cleanmgr.exe and press ENTER
• Select the drive-letter from the list and click OK
• Click Clean up system files
  This restarts Disk Cleanup to run in elevated mode.
• Select the drive-letter from the list and click OK
• Click the More Options tab
  
  
• Click the Clean up… button under System Restore and Shadow Copies.
• Click OK.

Sorry for the double post. Thanks Bobbye. I did all of this but the OTL program only cleaned up itself. TFC.exe, Java uninstaller program, malwarebytes, ESET, etc are still on here. Are they safe to delete manually?

Also- I noticed my .PDF file reader doesn't work anymore. I just noticed this today but it could of stopped working since the fake virus thing occured. I have Adobe PDF Writer and it was working fine before. Any idea why this would of happened and could it of been connected?

Thanks a lot.

 

[Bobbye]

Gambit, I don't think you can make the one pop up you had the cause for anything that isn't working right!

1. The users who have 64 bit systems are telling me that it was common to see the *32 in the Task Manager. One person suggested that it/they might have been there but you only noticed it when you opened the Task Manager to stop a process.

2. If there is any program we used that didn't clean up, you can uninstall in Add/Remove Programs or use the following for most:
Download OTCleanIt by OldTimer and save it to your Desktop.

• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

TFC would have been good to keep since it was one of the programs I recommended. The Eset scan will be in addons. you can leave it as it's user invoked, If you want to remove it:
Click on Tools> Manage add-ons> Highlight either Eset or Nod32> Disable.

3. You will need to clarify this for me:

I noticed my .PDF file reader doesn't work anymore. I just noticed this today but it could of stopped working since the fake virus thing occured. I have Adobe PDF Writer and it was working fine before.

I do not see the Adobe Reader in your installed programs-or as a running process in the original logs- just get plus plus for the Flash which you have.There is no other Adobe program installed. If you just want the PDF Reader, you can visit this Adobe Reader site and download the latest version.

4. I would like to mention that you have an enormous number of processes running. You need to check what's on the machine, decide if you want it or need it and if you don't uninstall it. Don't put programs on Startup if you don't need them- and all you really need if the AV, firewall and touchpad for laptop. If you have Network Magic, there are 2 processes for that. Anything else can be started when you need it. Why have is start on boot, run in the background, use the system resources if you don't need it!

5. Companies pre-load a lot of junk a system before they ship them. Sony, on their VAIO, is one of the worse. Most users don't use most of these processes and most don't even know they have them. systems should always be but through some kind of check to remove what isn't needed or wanted. But it's up to you to check out what the processes are for.

5. Now that you have a firewall, you have to tell it what you want to access the internet that is on your system. You do that by configuring the firewall. So look for the Comodo help. Most of what is outgoing can be stopped by either blocking or removing and keep in mind that everything you have auto-updating will connect to the internet several times a day looking for updates- good reason to stop all auto-update except for antivirus.:

These pop up with Comodo but some say safe

See #5:
1. OOBEFcdRegistration.exe>> [RegistrationReminder] "c:\program files\sony\first experience\OOBEFcdRegistration.exe"
2. ThirdPartyAppMgr.exe>> C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
3. PowerManager.exe>> C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

 

[GambitX]

Gambit, I don't think you can make the one pop up you had the cause for anything that isn't working right!

Haha, sorry I guess I panicked a bit when I saw the pop-up. My old computer I had issues with when I was in college, it was connected to a huge network so I would often get infected. It wasn't until I downloaded Spybot search & destroy and some other anti-virus stuff did the problems stop. I still have bad memories from that experience that stick with me, even four years later.

1. The users who have 64 bit systems are telling me that it was common to see the *32 in the Task Manager. One person suggested that it/they might have been there but you only noticed it when you opened the Task Manager to stop a process.

Ok great, thanks a lot for the information. I google'd the problem when I first saw it, and I noticed some people saying it could be a virus. This is good information though.

2. If there is any program we used that didn't clean up, you can uninstall in Add/Remove Programs or use the following for most:
Download OTCleanIt by OldTimer and save it to your Desktop.

• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

TFC would have been good to keep since it was one of the programs I recommended. The Eset scan will be in addons. you can leave it as it's user invoked, If you want to remove it:
Click on Tools> Manage add-ons> Highlight either Eset or Nod32> Disable.

I ran OTC again and nothing had cleaned up other than itself. I ended up keeping TFC because it is very useful. I disabled ESET as well, thank you.

3. You will need to clarify this for me:


I do not see the Adobe Reader in your installed programs-or as a running process in the original logs- just get plus plus for the Flash which you have.There is no other Adobe program installed. If you just want the PDF Reader, you can visit this Adobe Reader site and download the latest version.

Thank you. I fixed this. For some reason I only had Adobe Flash Player installed. The PDF was working not too long ago which is odd. I wonder if I removed it by accident? Either way, I have it back on. Thanks.

4. I would like to mention that you have an enormous number of processes running. You need to check what's on the machine, decide if you want it or need it and if you don't uninstall it. Don't put programs on Startup if you don't need them- and all you really need if the AV, firewall and touchpad for laptop. If you have Network Magic, there are 2 processes for that. Anything else can be started when you need it. Why have is start on boot, run in the background, use the system resources if you don't need it!

5. Companies pre-load a lot of junk a system before they ship them. Sony, on their VAIO, is one of the worse. Most users don't use most of these processes and most don't even know they have them. systems should always be but through some kind of check to remove what isn't needed or wanted. But it's up to you to check out what the processes are for.

This may be a really stupid question but how do I stop programs from running off startup? I never put any programs on startup and would definitely like to disable some (I didn't even know this was an option..). Is there somewhere you recommend that I can go to, to help me with what is safe to remove and what is not necessary? I would love to get rid of a lot of these programs, but i was always afraid of uninstalling/deactivating the wrong ones.

5. Now that you have a firewall, you have to tell it what you want to access the internet that is on your system. You do that by configuring the firewall. So look for the Comodo help. Most of what is outgoing can be stopped by either blocking or removing and keep in mind that everything you have auto-updating will connect to the internet several times a day looking for updates- good reason to stop all auto-update except for antivirus.:

This firewall is awesome. I really appreciate you referring this to me. I can tell it is very, very good and I may just have to get used to what programs are supposed to be outgoing. I will read up on this and try to teach myself how to use it properly.

See #5:
1. OOBEFcdRegistration.exe>> [RegistrationReminder] "c:\program files\sony\first experience\OOBEFcdRegistration.exe"
2. ThirdPartyAppMgr.exe>> C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
3. PowerManager.exe>> C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

Will do thank you.

I just wanted to take time to once again, thank you for your time in assisting me on this. I guess I panicked when I saw the virus popup but I ended up getting a great firewall and an anti-virus thanks to you. You are extremely helpful and I can't believe that you take your free time to assist people like this, it is great.

I hope you don't mind but I referred your forum to a lot of friends of mine. A couple of them visited the site today, read the articles but have not posted yet.

Thanks so much. I look forward to seeing your reply. I am really clueless as to what is safe to remove/not needed so any help will be greatly appreciated. I'd like to make my computer run as fast and smooth (but safe of course) as it possibly can.

EDIT: Wanna know something interesting Bobbye? I click the IE shortcut which is pinned to my taskbar. Usually, IE would open in 64-bit. After that fake virus scan popped up, it was running in 32 bit (or so I think.. it could of just not been noticed by me, but I'm pretty sure it always ran in 64 bit..). I hit start-----> all programs then saw Internet Explorer (64 bit). I clicked that and IE is back running in 64 bit, but some other programs are still running in 32 bit. I pinned the 64 bit shortcut back to the task bar and deleted the other one. Could that fake virus scan have swapped my IE shortcuts? It is just strange because I don't see th epoint of that, lol. Anyway, just realized it and thought I'd share, hope that info can shed some light on something.

I'm in the process of reviewing the different processes but I really have no idea what to uninstall or disable b/c depending on what site I look, some say keep it, others say turn it off. Seems like some of these programs are considered "Bloatware". It sucks that Sony has to pre-download this junk.

 

[Bobbye]

how do I stop programs from running off startup?

Virtually every program on a new system outs itself on the Start menu. And when you download any new program, you are asked if it should go on the Start menu. Note that very few processes need to start on boot and most can be used by choosing the program itself.

Here is a list of Sony VAIO Services that you can reset Startup to Manual. If you decide to uninstall any of these, the Service can then be changed to Disabled:
Change Sony VAIO Services to Manual:

Start> Run> services.msc> right click on each of the following Services> Properties> Change the Startup type to MANUAL> Stop the Service.

Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
VAIO Entertainment Aggregation and Control Service (may be VzRs or VzFw)
VAIO Entertainment File Import Service - (may be VzCdb)
VAIO Entertainment TV Device Arbitration Service - (may be VzCs)
VAIO Entertainment UPnP Client Adapter - (may be VCSW)
VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - (may be VMISrv)
VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - (may be SV_Httpd)
VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - (may be UPnPFramework)
VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - (may be VmGateway)
VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - (may be GPVSvr)
VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - (may be \SV_Httpd.)

VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - (may be UPnPFramework)

If you need specific info about what any of these Services do, please do a search.

To stop a program from starting on boot and running in the background using the msconfig utility
Please refer to the screen shots and directions HERE.

There are instructions I would like to add however, based on my use of msconfig with other operating systems:
The screen shows a check in Normal Startup. Please check Selective Startup instead, then the Start tap.
#6 has the last step and an image of a screen you get. This is essentially a nag message and you need to ut a check in 'don't shoe this message again.' IF the message includes you are 'in a diagnostic more' and suggests you go back to Normal Mode, don't do it. If this works like earlier Windows OS, going back to Normal Mode will restore all the processes you unchecked. You need to remain in Selective startup to keep the changes.

And an FYI for you: Normal Startup vs Selective Startup is not the same as Normal Mode vs Safe Mode.

Regarding 32 bit vs 64 bit: Here is a thread I started about this matter. You can read the discussion and use the links jobeard left if you want to do more reading:
http://www.tech-101.com/windows-7/1547-starting-64-bit-32-bit.html#post7664

Please let me know if I've left anything out. I do have a reference suggestion for you. There is a Windows 7 for Dummies book available at bookstores. I use this series for general reference because the language is not technical and guidance is basic. I think everyone need one for their OS!

 

[GambitX]

Thanks. I didn't see a lot of those services under services.msc but the ones I found I disabled. Thanks for that.

I went through each service starting on start-up and disabled the ones not needed. I went from 82 processes to now 70, and I'm sure there are still more to disable. It looks like a lot of the others aren't listed on the start-up list (ones that start-up on boot). For instance, ThirdPartyManager.exe isn't listed on the startup list but I did see it under services.msc

I'm still trying to figure out which ones are good to diable and which others are not. I'll read some more about this, this way I can locate the files which are unneccessarily running right now.

So I guess my computer was never infected with anything at all right? Is my computer safe now to use for banking or online purchases? Thanks a lot Bobbye.

 

[Bobbye]

If you check the list of the VAIO Services, you will see that I added "may be ****". I did that because the Service name and the Display name may be different. Reviewing the BlackViper site for Services is the best information you can find. Scroll down the the chart he has for the Services and take note of each column heading.Each services tells what it does, what the Dependencies are and what the best settings are. They include all of the Windows 7 Services:
Windows 7 Service Configurations: http://www.blackviper.com/Windows_7/servicecfg.htm

A tip about working with Services. I find it best to boot into Safe Mode when changing Startup types. That way you will be able to set any Dependencies without getting an error that 'a dependent Service isn't running."

Take your time when working with Services. It is very important that some be set to Automatic startup because they need to be running from boot. On the other hand, those that only need to run when you use what it is does, can be set to Manual so as to not use resources unnecessarily. And lastly, a few can be Disabled, partly as a security measure.

And you might find working with the Startup menu, using msconfig will be easier in Safe Mode

 

[GambitX]

Thanks a lot Bobbeye. So everything is safe to use right? It is OK to use the internet for purchases and bill paying through this computer?

 

[Bobbye]

You're welcome. Your system is clean. You should be safe. If you would like to add some security, go ahead and change your passwords.

 

[GambitX]

Great! Thanks a lot Bobbye. I will go ahead and do that. I appreciate your help!

 

[Bobbye]

You're welcome. Here are more security tips for you. NOTE: I haven't edited this for Windows 7 yet- there may be a couple of other programs that you can't use. The first part was the layered security which I gave you already- here's the rest:.

Tips for added security and safer browsing:

1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
   This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
2. Stay current on updates:
   [o] Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
   [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
   [o]Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
   
3. Reset Cookies to prevent Tracking Cookies:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   
4. Do regular Maintenance
   Remove Temporary Internet Files regularly:
   [o]ATF Cleaner by Atribune
   OR
   [o]TFC
   Disable and Enable System Restore:
   [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
5. Practice Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

 

[GambitX]

I thought I replied to this when you initially posted but I guess I didn't ..

Thanks so much Bobbye for all your help. I just wanted to let you know that Comodo Firewall is awesome and so is Avira anti-virus. I also like the file cleaner program, works great and is easy to use.

Question though for you- I was browsing my fantasy sports sites and Avira popped up saying it detected malware (bottom right corner of screen) and asked if I wanted to remove it. I did. Is there any way to double check to make sure there is no malware on the computer? Avira came up as soon as the ad popped up and seemed ot block it but I wanted to make sure.

THANKS!

 

[GambitX]

Ok I guess I am supposed to post my new problem here? Bobbye can you please let me know if I am posting in the right spot? Broni closed my other topic I had made.. with my logs.. I'll repaste them here

 

[GambitX]

Ran my Avira virus-scan today and it picked up a Java virus.. Can you please help?

Here is the scan log:


Avira AntiVir Personal
Report file date: Wednesday, October 20, 2010 22:40

Scanning for 2955693 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MLEE-VAIO

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:05:50
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:05:53
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:05:58
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 22:06:02
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 22:06:03
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 22:06:03
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 22:06:03
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 22:06:03
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 22:06:03
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 23:35:05
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 02:38:06
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 02:57:19
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 22:34:24
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 00:20:25
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 06:45:32
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 22:20:58
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 23:15:30
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 22:15:59
VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 03:32:58
VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 03:32:59
VBASE025.VDF : 7.10.12.238 137728 Bytes 10/18/2010 22:40:35
VBASE026.VDF : 7.10.12.254 129536 Bytes 10/20/2010 02:39:45
VBASE027.VDF : 7.10.12.255 2048 Bytes 10/20/2010 02:39:46
VBASE028.VDF : 7.10.13.0 2048 Bytes 10/20/2010 02:39:46
VBASE029.VDF : 7.10.13.1 2048 Bytes 10/20/2010 02:39:46
VBASE030.VDF : 7.10.13.2 2048 Bytes 10/20/2010 02:39:46
VBASE031.VDF : 7.10.13.9 44032 Bytes 10/20/2010 02:39:46
Engineversion : 8.2.4.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/15/2010 22:06:12
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 9/18/2010 03:29:08
AESCN.DLL : 8.1.6.1 127347 Bytes 9/15/2010 22:06:12
AESBX.DLL : 8.1.3.1 254324 Bytes 9/15/2010 22:06:13
AERDL.DLL : 8.1.9.2 635252 Bytes 9/23/2010 02:38:10
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 22:16:07
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/15/2010 22:06:11
AEHEUR.DLL : 8.1.2.36 2974072 Bytes 10/21/2010 02:39:50
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 22:16:04
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/3/2010 06:45:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 9/15/2010 22:06:08
AECORE.DLL : 8.1.17.0 196982 Bytes 9/26/2010 02:57:23
AEBB.DLL : 8.1.1.0 53618 Bytes 9/15/2010 22:06:07
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, October 20, 2010 22:40

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\sp
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\RED\1033\sp
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTra y\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.
c:\program files (x86)\java\jre6\bin\jp2launcher.exe
c:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
[NOTE] The process is not visible.
c:\program files (x86)\real\realupgrade\realupgrade.exe
c:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'iexplore.exe' - '146' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '126' Module(s) have been scanned
Scan process 'iexplore.exe' - '126' Module(s) have been scanned
Scan process 'iexplore.exe' - '126' Module(s) have been scanned
Scan process 'iexplore.exe' - '152' Module(s) have been scanned
Scan process 'iexplore.exe' - '145' Module(s) have been scanned
Scan process 'iexplore.exe' - '147' Module(s) have been scanned
Scan process 'iexplore.exe' - '145' Module(s) have been scanned
Scan process 'iexplore.exe' - '148' Module(s) have been scanned
Scan process 'iexplore.exe' - '149' Module(s) have been scanned
Scan process 'iexplore.exe' - '151' Module(s) have been scanned
Scan process 'FlashUtil10i_ActiveX.exe' - '41' Module(s) have been scanned
Scan process 'GoogleToolbarUser_32.exe' - '54' Module(s) have been scanned
Scan process 'PowerManager.exe' - '103' Module(s) have been scanned
Scan process 'ThirdPartyAppMgr.exe' - '99' Module(s) have been scanned
Scan process 'SmartWi.exe' - '97' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'CCP.exe' - '78' Module(s) have been scanned
Scan process 'realsched.exe' - '43' Module(s) have been scanned
Scan process 'avgnt.exe' - '61' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '46' Module(s) have been scanned
Scan process 'VCSW.exe' - '44' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '73' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '42' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '60' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '39' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '37' Module(s) have been scanned
Scan process 'VCFw.exe' - '70' Module(s) have been scanned
Scan process 'VESMgr.exe' - '67' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '71' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '735' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\mlee\AppData\Local\Temp\jar_cache3360243798503805902.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> Cz_0_CDKa__.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> jWSyyv.class
[DETECTION] Contains recognition pattern of the JAVA/Remote.B Java virus
--> M8PFGFzL.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> rsl__E2.class
[DETECTION] Contains recognition pattern of the JAVA/SecureSet.A Java virus
--> saCPvD8X.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.abk.5 Java virus
--> uwE_qu4.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AK Java virus

Beginning disinfection:
C:\Users\mlee\AppData\Local\Temp\jar_cache3360243798503805902.tmp
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AK Java virus
[NOTE] The file was moved to the quarantine directory under the name '49d816a5.qua'.


End of the scan: Wednesday, October 20, 2010 23:21
Used time: 38:44 Minute(s)

The scan has been done completely.

 

[GambitX]

www.malwarebytes.org

Database version: 4897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/20/2010 11:55:16 PM
mbam-log-2010-10-20 (23-55-16).txt

Scan type: Quick scan
Objects scanned: 138084
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[GambitX]

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by mlee at 23:56:34.28 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2485 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\UStorSrv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\mlee\Downloads\moo\scan\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] C:\Users\mlee\Downloads\moo\scan\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-3 55280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-9-10 249496]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-9-10 33208]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-15 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-15 267432]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-9-15 81072]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-3 19968]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-18 139264]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-21 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]

=============== Created Last 30 ================

2010-10-21 03:50:36 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-19 23:05:26 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DFC7B546-FE91-4DC2-B526-2A2EA2390C8B}\mpengine.dll
2010-09-29 05:30:18 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 05:30:18 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-28 23:28:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 23:28:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 23:28:32 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 23:28:32 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-09-11 03:41:40 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-09-11 03:41:40 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-09-11 03:40:44 33208 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2010-09-11 03:40:44 249496 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2010-09-11 03:40:42 20864 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 23:59:15.16 ===============

 

[GambitX]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2009 11:16:55 PM
System Uptime: 10/20/2010 11:42:47 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 290 GiB total, 225.519 GiB free.
E: is Removable
F: is Removable
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP131: 10/5/2010 6:23:28 PM - Windows Update
RP132: 10/8/2010 1:04:26 AM - Windows Update
RP133: 10/8/2010 6:47:20 PM - Windows Update
RP134: 10/12/2010 7:29:26 PM - Windows Update
RP135: 10/13/2010 1:13:52 AM - Windows Update
RP136: 10/15/2010 7:18:17 PM - Windows Update
RP137: 10/19/2010 7:04:49 PM - Windows Update

==== Installed Programs ======================


Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
Avira AntiVir Personal - Free Antivirus
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Primo
QuickTime
Realms of Kaos
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Setting Utility Series
SmartWi Connection Utility
Sony Home Network Library
Sony Picture Utility
U-Storage Service
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO OOBE and Startup Assistant
VAIO Original Function Settings
VAIO Power Management
VAIO Presentation Support
VAIO Quick Web Access
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/20/2010 7:03:39 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
10/20/2010 7:03:10 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy10.
10/20/2010 11:43:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
10/20/2010 11:43:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
10/20/2010 11:43:04 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/20/2010 11:17:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER--PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4663E24F-3089-4E27-A1DB-886BC3E53AC6}. The master browser is stopping or an election is being forced.
10/20/2010 10:40:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GAIL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4663E24F-3089-4E27-A1DB-886BC3E53AC6}. The master browser is stopping or an election is being forced.
10/17/2010 6:55:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.
10/17/2010 6:54:14 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy17.

==== End Of File ===========================

 

[Bobbye]

Sorry for the confusion. This is a new problem a month after the previous problem was resolved. Apparently I forgot to close this thread.

So this thread is now closed and new problem is being handled on https://www.techspot.com/vb/topic155242.html