Solved Win 7 'Antispyware' 2012 malware infection

Status
Not open for further replies.
Later that day I researched my shutdown probs. Yet I didn't find what I was looking for; however, I did find that an app named avscanningservice.exe was probably the malware I caught.
The log showed the .exe interfered with the startup process. I tried looking up the file, but it returned no result. Hopefully it's deleted by CF or others, but I'm not sure it is.

Other than that, the VAIOcare apps are also interfering with the startup and shutdown process.
I began running the less useless VAIO programs yesterday to see what they're about:
Care: runs tests on my drivers so the cause of errors can be found
Update: checks in with VAIO for updates on VAIO systems
There's only one possible problem: they don't have an uninstaller, so now I'm not savvy about removing them as I must do this manually in Control Panel.
 
The best order to do an uninstall is:

1. See if program has its own uninstaller. If it does, use it.
2. If no uninstaller in program, then use Add/Remove Programs.
After you uninstall a program, use Windows Explorer (Win key + E) to access Computer> Local Drive (usually C)> Programs> find program folder for each uninstalled program and do a Right Click> Delete.
3. If neither #1 nor #2 is available, you can use the Windows Installer Cleanup Utility to remove the program.

An alternative for removing the useless preloads is the PC Decrapifier. (I am not sure whether this works on Win 7.)
 
Thanks for your help sir, I'm glad I had a pro workin' on this that provided such good service!
I'll remove the preloads by your suggestions.
And can I be sure that the malware infection is removed?
 
Are you connected to a work network? I did some searching for the AVScanningService.exe

AVScanningService.exe is part of Prevention AV Scanning Service developed by Preventon Technologies Limited. This task protects your system against viruses, Trojan horses and other threats: >Gateway AntiVirus and Intrusion Prevention

Stability>> How stable is AVScanningService.exe? This process is quite unstable.
The following problems were reported:
* AVScanningService.exe crashes sometimes.
* AVScanningService.exe sometimes does not respond anymore.
* AVScanningService.exe regularly uses 100% of the CPU.

This definitely seems like heavy coverage for a home PC. It refers to AV scanning, but also mentions firewall. I don't see any processes in the logs that I can identify: no installed program, driver or Service. However, based on what I read and the problem it is causing by hanging, this would appear to be something you are better off without.

If you use a network work server, you will need to check with the work IT before doing anything. If it is not network work related, you can try booting into Safe Mode, then searching the system for AVScanningService.exe or possibly Gateway or Prevention***.

It appears that this product has to be purchased. The consensus is that few think it needs to be running or is essential to the system. It is thought to be a legitimate product, although there isn't much out there about 'need'.
===============================
I did find that an app named avscanningservice.exe was probably the malware I caught.
This is coming up as a legitimate file. But I'd like you to check the Event Viewer. You will look in the Application log. Error will most likely be App Hang ID #1002. If you can find one of those for this process, double click on it, click on the Copy button and either paste the error here or give me the Description.

Click on Start> Run> type in Eventvwr.msc> Enter> Application log.
 
Most of the time I'm connected to my home network at my dorm, on weekends to my parents' home connection (wireless), and in school I'm sometimes connected to the school network. That only happens once every 2 weeks.

The info you found on the AVScanningService.exe is not that similar to what I found:
I found that certain sites claim this is a non-risk app created by Preventon.
Yet some forums (about 3 I found) say the file was related to spyware infections such as my case (Win7 Antispyware ..).
Plus I never installed any AV or whatever protection other than my MS Security Essentials.
I will follow your instructions on locating the file in safe mode and post results in next reply.

checking the Event Viewer:
windows logs>application:
found 1 game app hang, several explorer.exe hangs and Foxit pdf reader hangs.

Log Name: Application
Source: Application Hang
Date: 17/10/2011 17:16:10
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fc0
Start Time: 01cc8cdb3443ecaa
Termination Time: 0
Application Path: C:\Users\Larz\AppData\Local\Temp\is-0Q8BN.tmp\FoxitReader502.0718_enu_Setup.tmp
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-17T15:16:10.000000000Z" />
<EventRecordID>6831</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>51.1052.0.0</Data>
<Data>fc0</Data>
<Data>01cc8cdb3443ecaa</Data>
<Data>0</Data>
<Data>C:\Users\Larz\AppData\Local\Temp\is-0Q8BN.tmp\FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>
</Data>
<Binary>54006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 23/09/2011 16:18:36
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program firefox.exe version 6.0.2.4262 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 630
Start Time: 01cc79f79189d294
Termination Time: 82
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: e8f14cf2-e5ee-11e0-8325-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-09-23T14:18:36.000000000Z" />
<EventRecordID>2796</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>firefox.exe</Data>
<Data>6.0.2.4262</Data>
<Data>630</Data>
<Data>01cc79f79189d294</Data>
<Data>82</Data>
<Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
<Data>e8f14cf2-e5ee-11e0-8325-78843ce85d04</Data>
<Binary>55006E006B006E006F0077006E0000000000</Binary>
</EventData>
</Event>
 
Log Name: Application
Source: Application Hang
Date: 29/01/2012 14:37:30
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 157c
Start Time: 01ccde89bf644792
Termination Time: 65
Application Path: C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 0b779fdd-4a7e-11e1-a27f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-29T13:37:30.000000000Z" />
<EventRecordID>19724</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>chrome.exe</Data>
<Data>16.0.912.77</Data>
<Data>157c</Data>
<Data>01ccde89bf644792</Data>
<Data>65</Data>
<Data>C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe</Data>
<Data>0b779fdd-4a7e-11e1-a27f-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 29/01/2012 20:58:04
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 150c
Start Time: 01ccde8b2a59f9bf
Termination Time: 19
Application Path: C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 8c6f9598-4ab3-11e1-a27f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-29T19:58:04.000000000Z" />
<EventRecordID>19747</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>chrome.exe</Data>
<Data>16.0.912.77</Data>
<Data>150c</Data>
<Data>01ccde8b2a59f9bf</Data>
<Data>19</Data>
<Data>C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe</Data>
<Data>8c6f9598-4ab3-11e1-a27f-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>


Log Name: Application
Source: Application Hang
Date: 15/01/2012 17:35:43
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 174c
Start Time: 01ccd39806211691
Termination Time: 0
Application Path: C:\Windows\explorer.exe
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-15T16:35:43.000000000Z" />
<EventRecordID>17450</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>explorer.exe</Data>
<Data>6.1.7601.17567</Data>
<Data>174c</Data>
<Data>01ccd39806211691</Data>
<Data>0</Data>
<Data>C:\Windows\explorer.exe</Data>
<Data>
</Data>
<Binary>430072006F00730073002D00740068007200650061006400000044006500610064006C006F0063006B0000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 24/11/2011 0:04:45
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 454
Start Time: 01ccaa3319fe7081
Termination Time: 121
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-11-23T23:04:45.000000000Z" />
<EventRecordID>11803</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>wmplayer.exe</Data>
<Data>12.0.7601.17514</Data>
<Data>454</Data>
<Data>01ccaa3319fe7081</Data>
<Data>121</Data>
<Data>C:\Program Files (x86)\Windows Media Player\wmplayer.exe</Data>
<Data>
</Data>
<Binary>430072006F00730073002D00700072006F006300650073007300000054006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>
 
Log Name: Application
Source: Application Hang
Date: 17/10/2011 16:35:55
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13b4
Start Time: 01cc8cd92fbc0917
Termination Time: 16
Application Path: C:\Users\Larz\AppData\Local\Temp\is-2BQF8.tmp\FoxitReader502.0718_enu_Setup.tmp
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-17T14:35:55.000000000Z" />
<EventRecordID>6753</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>51.1052.0.0</Data>
<Data>13b4</Data>
<Data>01cc8cd92fbc0917</Data>
<Data>16</Data>
<Data>C:\Users\Larz\AppData\Local\Temp\is-2BQF8.tmp\FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>
</Data>
<Binary>54006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 27/09/2011 11:00:44
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e68
Start Time: 01cc7cf37eaae7a5
Termination Time: 31
Application Path: C:\Windows\Explorer.EXE
Report Id: 2b20b407-e8e7-11e0-b98f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-09-27T09:00:44.000000000Z" />
<EventRecordID>3759</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>Explorer.EXE</Data>
<Data>6.1.7601.17567</Data>
<Data>e68</Data>
<Data>01cc7cf37eaae7a5</Data>
<Data>31</Data>
<Data>C:\Windows\Explorer.EXE</Data>
<Data>2b20b407-e8e7-11e0-b98f-78843ce85d04</Data>
<Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 2/02/2012 14:13:09
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program warsow_x64.exe version 0.6.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13c4
Start Time: 01cce1ac4141baf6
Termination Time: 195
Application Path: C:\Program Files (x86)\Warsow 0.6\warsow_x64.exe
Report Id: 99c03805-4d9f-11e1-a39e-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-02T13:13:09.000000000Z" />
<EventRecordID>20290</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>warsow_x64.exe</Data>
<Data>0.6.1.0</Data>
<Data>13c4</Data>
<Data>01cce1ac4141baf6</Data>
<Data>195</Data>
<Data>C:\Program Files (x86)\Warsow 0.6\warsow_x64.exe</Data>
<Data>99c03805-4d9f-11e1-a39e-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>


next reply I'll add the search results for the avscanningservice.exe in safe mode like you instructed.

every error ID 1002 I have posted above, it's all I found. I hope this is the info you requested.
 
After searching in Control Panel> Performance Info and Tools> Advanced I found a startup error by avscanningdevice.exe, though it was an ID 101.
Thought I should post it.

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 16/01/2012 0:24:31
Event ID: 101
Task Category: Boot Performance Monitoring
Level: Error
Keywords: Event Log
User: LOCAL SERVICE
Computer: Doc
Description:
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Version : 1.5.76
Total Time : 66553ms
Degradation Time : 59053ms
Incident Time (UTC) : 2012-01-15T23:21:08.671600300Z
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>101</EventID>
<Version>1</Version>
<Level>2</Level>
<Task>4002</Task>
<Opcode>33</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2012-01-15T23:24:31.314195900Z" />
<EventRecordID>1013</EventRecordID>
<Correlation ActivityID="{032B0C50-F800-0002-6444-995CDCD3CC01}" />
<Execution ProcessID="1692" ThreadID="3896" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Doc</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="StartTime">2012-01-15T23:21:08.671600300Z</Data>
<Data Name="NameLength">22</Data>
<Data Name="Name">AVScanningService.exe</Data>
<Data Name="FriendlyNameLength">30</Data>
<Data Name="FriendlyName">Preventon AV Scanning Service</Data>
<Data Name="VersionLength">7</Data>
<Data Name="Version">1.5.76</Data>
<Data Name="TotalTime">66553</Data>
<Data Name="DegradationTime">59053</Data>
<Data Name="PathLength">88</Data>
<Data Name="Path">C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe</Data>
<Data Name="ProductNameLength">30</Data>
<Data Name="ProductName">Preventon AV Scanning Service</Data>
<Data Name="CompanyNameLength">31</Data>
<Data Name="CompanyName">Preventon Technologies Limited</Data>
</EventData>
</Event>
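
The check requested in this thread (is there an Event ID 1002, or any other event, naming AVScanningService.exe, and what path and vendor does it report?) can be run over events exported from Event Viewer as XML. The following Python is an added example, not part of the original posts; the function names are illustrative and the sample input is three events from this thread, abridged.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample input: three events posted in this thread, abridged (System fields trimmed).
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Hang" /><EventID Qualifiers="0">1002</EventID>
<TimeCreated SystemTime="2012-01-15T16:35:43.000000000Z" /></System>
<EventData><Data>explorer.exe</Data><Data>6.1.7601.17567</Data><Data>174c</Data>
<Data>01ccd39806211691</Data><Data>0</Data><Data>C:\Windows\explorer.exe</Data><Data>
</Data>
<Binary>430072006F00730073002D00740068007200650061006400000044006500610064006C006F0063006B0000000000</Binary>
</EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Hang" /><EventID Qualifiers="0">1002</EventID>
<TimeCreated SystemTime="2012-01-29T13:37:30.000000000Z" /></System>
<EventData><Data>chrome.exe</Data><Data>16.0.912.77</Data><Data>157c</Data>
<Data>01ccde89bf644792</Data><Data>65</Data>
<Data>C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe</Data>
<Data>0b779fdd-4a7e-11e1-a27f-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Diagnostics-Performance" />
<EventID>101</EventID>
<TimeCreated SystemTime="2012-01-15T23:24:31.314195900Z" /></System>
<EventData><Data Name="Name">AVScanningService.exe</Data>
<Data Name="FriendlyName">Preventon AV Scanning Service</Data>
<Data Name="TotalTime">66553</Data><Data Name="DegradationTime">59053</Data>
<Data Name="Path">C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe</Data>
<Data Name="CompanyName">Preventon Technologies Limited</Data>
</EventData></Event>""",
]


def decode_hang_type(hex_blob):
    """Decode the <Binary> payload of a 1002 event.

    In the events on this page it is hex-encoded, NUL-separated UTF-16LE text.
    """
    try:
        text = bytes.fromhex(hex_blob.strip()).decode("utf-16-le")
    except ValueError:  # not hex, or not a whole number of UTF-16 code units
        return []
    return [part for part in text.split("\x00") if part]


def parse_event(xml_text):
    """Turn one exported event into a flat dict, whichever of the two layouts it uses."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    rec = {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
    }
    data = root.findall("e:EventData/e:Data", NS)
    if rec["provider"] == "Application Hang" and rec["event_id"] == 1002:
        # Positional fields, in the order shown in the posts above:
        # program, version, PID, start time, termination time, path, report id.
        vals = [(d.text or "").strip() for d in data]
        vals += [""] * (7 - len(vals))
        rec.update(image=vals[0], version=vals[1], path=vals[5], report_id=vals[6])
        rec["hang_type"] = decode_hang_type(
            root.findtext("e:EventData/e:Binary", "", NS))
    elif rec["event_id"] == 101:
        # Diagnostics-Performance events use named fields instead.
        named = {d.get("Name"): (d.text or "").strip() for d in data}
        rec.update(image=named.get("Name", ""), path=named.get("Path", ""),
                   vendor=named.get("CompanyName", ""),
                   degradation_ms=int(named.get("DegradationTime") or 0))
    return rec


def find_image(events_xml, image_name):
    """Return parsed events whose program name matches image_name, ignoring case."""
    wanted = image_name.lower()
    return [rec for rec in map(parse_event, events_xml)
            if rec.get("image", "").lower() == wanted]


if __name__ == "__main__":
    for rec in find_image(SAMPLE_EVENTS, "avscanningservice.exe"):
        print(rec["time"], rec["event_id"], rec["provider"])
        print("  path:  ", rec["path"])
        print("  vendor:", rec.get("vendor", "n/a"))
```

The path and vendor fields come from the binary's own version resource, so they identify where the file was installed but do not by themselves prove who published it.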
 
searching for the avscanningservice.exe in safe mode didn't return any results.
Hope I gave you useful enough info in the last posts.

thanks for the help ! I really appreciate it !
 
Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
 
Thank you for your patience.
About this:
The info you found on the AVScanningService.exe is not that similar to what I found:
I found that certain sites claim this is a non-risk app created by Preventon.
Yet some forums (about 3 I found) say the file was related to spyware infections such as my case (Win7 Antispyware ..).
Plus I never installed any AV or whatever protection other than my MS Security Essentials.
I will follow your instructions on locating the file in safe mode and post results in next reply.
Please be advised that I have the WOT (Web of Trust) Site Advisor enabled for all my searches. It rates sites in Red, Yellow and Green, which are like traffic lights. I only access sites that are rated Green; this tells me that the 4 rating criteria of Trustworthy, Vendor Reliability, Privacy and Child Safety are good to excellent. Most of the time, when I don't recognize an entry, many of the sites are rated Red. I do not use any of them so that I can be assured that what I find is accurate.

This is my way of telling you it's possible you may have gotten information about the entry from one of the 'red' sites. And it's also possible that if you did, you may have gotten additional malware.
=======================================
On the App hangs: These are all different dates and times. Without information about what you were doing when the errors occurred, all I can do is say this:
#1, 2, 3, 5, 6> If any of these are on the Startup Menu (check using Start> Run> msconfig> Startup tab) uncheck any process related to each. None need to start on boot. They can be launched from All Programs as needed.
1. FoxIT Reader> Date: 17/10/2011 17:16:10
The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0
This is the setup file. FoxIt may not be installed correctly. Delete the setup you have now. Download fresh and install again. If the setup file (tmp) doesn't delete once it's installed, do a right click> Delete on the setup> you no longer need it.
2. Firefox> Date: 23/09/2011 16:18:36
3. Chrome> Date: 29/01/2012 20:58:04
4. Explorer> Date: 15/01/2012 17:35:43 (Windows Explorer)
If this continues, please check the Troubleshooting help for Win 7 HERE.
5. Windows Media Player: Date: 24/11/2011 0:04:45
6. Warsow 0.6\warsow_x64.exe: Date: 2/02/2012 14:13:09>>
System Requirements
Windows® 95 or NT 4.0 with 100% compatible computer system
Pentium® 90 MHz Processor (133 MHz recommended)
Memory: Win 95 - 16 MB RAM Required
Win NT 4.0 - 24 MB RAM Required
Please see information HERE for 64bit.

7. Microsoft-Windows-Diagnostics-Performance: Date: 16/01/2012 0:24:31
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Remove from Startup
Click on Start> Run> type in services.msc> enter> Look for Service in either of the above names> Double click to open> If it's set to Automatic Startup Type change to Manual. If it's set to Manual change to Disabled. In either case, stop the Service.
Note: if you cannot handle #7 in Normal Mode, boot into Safe Mode and make the change.
==========================================
For the .bat file:
Please navigate to c:\windows\SysWow64\TempWmicBatchFile.bat and do a right click> Delete
=========================================
 
I deleted the bat file successfully.
Searched for the AVscanningservice.exe, and found where it came from. It's not a virus; it was a part of an antispyware I downloaded before consulting this community (think it was part of spywaredoctor or so). When I uninstalled the whole program after seeing it was a pay service, I forgot about it. In other words: it was already gone by uninstalling the affiliated program.

thanks for the instructions on the errors, already tried the browser ones, haven't experienced crashes anymore since.

and thanks very much for the WOT add on, it's already been a real help everyday !
 
almost forgot the msconfig info, thanks for that too, so many useless progs that start on boot !
you've been a real help, thanks !
 
Regarding this:
it only occurs when I had it in sleep mode for a while and then shut it down about an hour later.
It keeps showing the 'shutting down' screen, even after I once let it run for more than 20mins.
If it's a laptop and you close the lid, it most likely is set to 'sleep'. If you open the machine- but plan to close it down shortly, be sure it fully 'wakes up' before you shut down. Then go to Start> Shutdown> Make sure the dialog box shows 'Shut Down', then click on Okay.
================================================
This error:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Appears that it was set to scan when you started up. There isn't much sense in wasting load time and resources doing a scan on Startup.

My source for the avscanningservice.exe was: http://systemexplorer.net/db/avscanningservice.exe.html
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service>>
Linked to About Gateway AntiVirus and Intrusion Prevention here:
http://www.backgroundtask.eu/Systeemtaken/taakinfo/30678/AVScanningService.exe/

I did not find any indication that this is not a legitimate program. Keep in mind that I only search on sites given the green light by WOT. Checking on any site rated red cannot be considered reliable information.
===========================================
The following may help you with the VAIO Processes:
Change Sony VAIO Services to Manual:
Start> Run> type services.msc> enter> click on each of the following Services> Change the Startup type to MANUAL> Stop the Service:
Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
VAIO Entertainment Aggregation and Control Service (may be VzRs or VzFw)
VAIO Entertainment File Import Service - (may be VzCdb)
VAIO Entertainment TV Device Arbitration Service - (may be VzCs)
VAIO Entertainment UPnP Client Adapter - (may be VCSW)
VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - (may be VMISrv)
VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - (may be SV_Httpd)
VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - (may be UPnPFramework)
VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - (may be VmGateway)
VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - (may be GPVSvr)
VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - (may be \SV_Httpd.)
VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - (may be UPnPFramework)

Sony Notebook Setup and Sony Utilities DLL need to be kept. Also keep "hotkey utility" if you want the Fn keys on your laptop to work. Other than that, you can get rid of everything.
  • AppMon Utility>> This utility updates the Sony AppMon Utility for Microsoft Windows Vista operating system compatibility.
  • Direct-Stream Digital (DSD) is the trademark name used by Sony and Philips for their system of recreating audible signals which uses pulse-density modulation encoding, a technology to store audio signals on digital storage media which is used for the Super Audio CD (SACD).
    [o] DSD Direct
    [o] DSD Direct Player
    [o] DSD Playback Plug-in
    This utility will install an updated version of the OpenMG™ Limited Patch to address an issue where the computer may restart when inserting or ejecting Memory Stick® media while SonicStage® software is starting.
    [o] OpenMG Limited Patch 4.7-07-15-19-01
    [o] OpenMG Secure Module 4.7.00
  • Settings Utility Series>> This utility updates the Setting Utility Series to version 2.0.00.11270 and provides compatibility with the Microsoft® Windows Vista™ ...
  • Sony Video Shared Library>> This utility updates the Sony® Video Shared Library to version 3.1.02.01170 to address the following issues:
    [o] AVCHD™ video files may not play smoothly
    [o] The default language of the installer is not set to English
======================================
If the problems have been resolved: Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
Let me know if you have any questions.
 