Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows wont start. Constant rebooting.


  • This topic is locked This topic is locked
35 replies to this topic

#1 PDUBB

PDUBB

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 17 December 2014 - 12:01 PM

Hi there

 

I've been having some trouble with my computer as of lately, where windows wont boot through when I turn on the computer. Instead it goes to a blue screen, and then shuts off and tries to boot itself up again in a continuous cycle. I've tried going into the start up repair page to run a check for problems, but Startup Repair can never fix the issue. Instead I keep getting this message:

 

Problem Signature:

Problem Event Name: Startup Repair Offline

Problem Signature01: 6.1.7600.16385

Problem Signature02: 6.1.7600.16385

Problem Signature03: unknown

Problem Signature04: 21200326

Problem Signature05: Auto Failover

Problem Signature06: 15

Problem Signature07: BadDriver

OS Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

 

The computer was working well a few days before but had stopped once I ran a system update, so I'm not sure what I did wrong. I had run Avast a few days before, and it did not find anything, so I'm not certain if or how I managed to get by a virus if that is the case. I'm just hoping someone has a solution to my computer issue! I would like to hopefully fix the issue without having to restore the computer back to its factory settings! Let me know what information you may need.

 

Please Help! Thanks in Advance!

 

-PDUBB

 

 

 

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 AM

Posted 22 December 2014 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560158 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 25 December 2014 - 05:28 PM

Greetings PDUBB and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you boot into Safe Mode?

Additionally, please do this.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Safe Mode?
  • BSOD information

Edited by Oh My!, 25 December 2014 - 05:34 PM.
Added BSOD

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 PDUBB

PDUBB
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 27 December 2014 - 12:41 PM

Hi Gary, my name is Patrick! Thank you so much for your assistance!

 

I tried booting my computer in safe mode, but instead received this message:

 

FAILURE CONFIGURING WINDOWS UPDATES

REVERTING CHANGES

DO NOT TURN OFF YOUR COMPUTER

 

Then the screen went back to the Windows starting screen. I was able to disable to restart and received this STOP error on the BSOD:

 

Technical Information:

***STOP: 0x0000007E (OxFFFFFFFFC0000005, 0xFFFFF88002E40B73, 0xFFFFF880009A8F68, 0xFFFFF880009A87C0)

 

 

Let me know if you need any more information! Thank you!

 

-Patrick



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 27 December 2014 - 03:38 PM

Greetings Patrick,

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
===================================================

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
===================================================

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[/b]
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 PDUBB

PDUBB
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 30 December 2014 - 02:24 PM

Here is the FRST log from the scan:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by SYSTEM on MININT-2NR9976 on 29-12-2014 11:18:49
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BService] => C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Patrick\...\Run: [Facebook Update] => C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Patrick\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\Patrick\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Patrick\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Patrick\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\Patrick\...\Run: [BIBLauncher] => C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe [3951472 2014-06-20] ()
HKU\Patrick\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Patrick\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2008-09-29] (Intel Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1031392 2014-12-02] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-19] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSvia64.sys [488568 2011-11-18] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-02] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.001\ENG64.SYS [117880 2011-11-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.001\EX64.SYS [2048632 2011-11-19] (Symantec Corporation)
S1 pfmfs_463; C:\Windows\System32\Drivers\pfmfs_463.sys [249704 2010-07-07] (Pismo Technic Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-11-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S1 qknfd; system32\drivers\qknfd.sys [X]
S1 SMR430; \SystemRoot\System32\drivers\SMR430.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 09:28 - 2014-12-27 09:28 - 00269016 _____ () C:\Windows\Minidump\122714-36161-01.dmp
2014-12-27 09:28 - 2014-12-27 09:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 09:27 - 2014-12-27 09:27 - 230374104 _____ () C:\Windows\MEMORY.DMP
2014-12-14 14:14 - 2014-12-29 11:18 - 00000000 ____D () C:\FRST
2014-12-10 07:59 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
2014-12-10 07:59 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:59 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-12-10 07:59 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-10 07:59 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2014-12-10 07:59 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2014-12-10 07:59 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2014-12-10 07:59 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:59 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:59 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:59 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:59 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 07:43 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-12-10 07:43 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-02 11:21 - 2014-12-02 11:21 - 00000175 _____ () C:\Windows\System32\Drivers\aswSnx.sys.sum
2014-12-02 10:51 - 2014-12-02 10:53 - 00000000 ____D () C:\NPE
2014-12-02 10:23 - 2014-12-02 11:03 - 00000000 ____D () C:\Users\Patrick\AppData\Local\NPE
2014-12-02 10:21 - 2014-12-02 10:22 - 03060320 ____N (Symantec Corporation) C:\Users\Patrick\Downloads\NPE.exe
2014-12-02 09:07 - 2014-12-13 08:31 - 00003290 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 09:28 - 2014-05-07 07:31 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-27 09:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-13 09:21 - 2011-10-05 12:43 - 01218535 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 09:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 09:09 - 2012-11-02 14:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 08:38 - 2011-12-03 22:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 08:37 - 2013-07-17 08:06 - 00000000 ____D () C:\Windows\System32\MRT
2014-12-13 08:32 - 2012-01-17 12:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-12-13 08:31 - 2011-11-20 20:05 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 08:28 - 2011-12-26 19:38 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005UA.job
2014-12-13 08:28 - 2011-11-19 20:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Skype
2014-12-13 01:10 - 2012-11-13 20:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-12 19:09 - 2012-11-02 14:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 19:09 - 2012-11-02 14:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 19:09 - 2011-11-23 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 18:27 - 2011-11-19 12:32 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0EFB8F8-74AD-4782-A83B-5999EE8E265B}
2014-12-12 18:26 - 2011-12-26 19:38 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005Core.job
2014-12-08 00:12 - 2009-07-13 20:45 - 00028576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 00:12 - 2009-07-13 20:45 - 00028576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 08:33 - 2011-05-03 22:14 - 00000000 ____D () C:\Program Files (x86)\DDNi
2014-12-02 16:50 - 2011-11-28 20:54 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-12-02 11:21 - 2011-12-19 10:31 - 01031392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-12-02 10:57 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-02 10:50 - 2014-11-25 19:30 - 00000112 _____ () C:\Windows\setupact.log
2014-12-02 10:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 10:23 - 2011-05-03 23:33 - 00000000 ____D () C:\ProgramData\Norton
2014-12-02 09:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-12-02 09:18 - 2014-11-04 21:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-29 10:12 - 2012-12-10 15:02 - 00000000 ____D () C:\Users\Patrick\Desktop\Backgrounds

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-30 09:11:42
Restore point made on: 2014-12-01 08:13:57
Restore point made on: 2014-12-04 08:32:51
Restore point made on: 2014-12-07 19:12:08
Restore point made on: 2014-12-08 00:12:01
Restore point made on: 2014-12-12 18:40:05
Restore point made on: 2014-12-13 08:29:16

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4043.86 MB
Available physical RAM: 3414.55 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3402.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:31.16 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.32 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (My Book) (Fixed) (Total:465.65 GB) (Free:62.49 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10.3 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

LastRegBack: 2014-11-25 20:09

==================== End Of Log ============================

 

 

 

Hope this helps!

-Patrick



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 30 December 2014 - 05:01 PM

Greetings Patrick and thank you for the information.

Don't be surprised if your computer still won't boot as I don't expect it to yet, although I guess it is possible. Part of my instructions to obtain a Minidump file assumes your USB device will be the G: drive again. If it is not we will not get the file. If that is the case and you feel up to it you can change the last line in the Fixlist to reflect the USB drive letter. For instance, change from cmd: copy C:\Windows\Minidump\122714-36161-01.dmp G:\ to cmd: copy C:\Windows\Minidump\122714-36161-01.dmp H:\.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKU\Patrick\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Patrick\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
S3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
S1 SMR430; \SystemRoot\System32\drivers\SMR430.SYS [X]
C:\Users\Patrick\AppData\Local\Conduit
cmd: copy C:\Windows\Minidump\122714-36161-01.dmp G:\
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create 2 logs on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please zip and upload the Minidump file here
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Zipped and uploaded MiniDump file
  • Does your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 PDUBB

PDUBB
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 30 December 2014 - 06:32 PM

Here are the contents of the Fixlog :

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014
Ran by SYSTEM at 2014-12-30 16:18:29 Run:5
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKU\Patrick\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Patrick\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
S3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
S1 SMR430; \SystemRoot\System32\drivers\SMR430.SYS [X]
C:\Users\Patrick\AppData\Local\Conduit
cmd: copy C:\Windows\Minidump\122714-36161-01.dmp G:\
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting => value deleted successfully.
HKU\Patrick\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => value deleted successfully.
VCService => Service deleted successfully.
qknfd => Service deleted successfully.
SMR430 => Service deleted successfully.
C:\Users\Patrick\AppData\Local\Conduit => Moved successfully.

=========  copy C:\Windows\Minidump\122714-36161-01.dmp G:\ =========

        1 file(s) copied.

========= End of CMD: =========

==== End of Fixlog ====

 

 

I was not able to start my computer in Normal mode, but it did launch in Safe Mode this time! I found the dmp file and have uploaded it as asked!

 

-Patrick


Edited by PDUBB, 30 December 2014 - 06:41 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 30 December 2014 - 08:57 PM

Thanks Patrick. That is encouraging.

Please do this now.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Boot into Safe Mode
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Avast

  • Attempt to boot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Avast uninstall?
  • Can you boot into Normal Mode?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 03 January 2015 - 10:36 AM

Greetings Patrick,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 PDUBB

PDUBB
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 03 January 2015 - 12:28 PM

Hi there!

 

Sorry about the delay in response!

 

I was able to uninstall AVAST, and my computer is finally able to boot in Normal mode!!!

 

Are there any follow up steps I should take now!? I am extremely grateful!!!!

 

-Patrick



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 03 January 2015 - 12:39 PM

Hi Patrick,

Very good! :)

I would like you to run FRST again in Normal Mode making sure there is a check mark in Addition.txt. This will give us a full report rather than only the partial report we get in the Recovery Environment.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 PDUBB

PDUBB
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 03 January 2015 - 01:32 PM

Hello!

 

Here is the log from the addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Patrick at 2015-01-03 11:22:19
Running from D:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.444 - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-703038861-3985118866-2051808413-1005\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business-in-a-Box (HKLM-x32\...\Business-in-a-Box) (Version: 5.1.1 - Biztree Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FrostWire 5.2.10 (HKLM-x32\...\FrostWire 5) (Version: 5.2.10.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 2620 series Basic Device Software (HKLM\...\{57D40DD1-C308-4217-B1B6-AA098EE0C632}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.01.04010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden
Product Improvement Study for HP Officejet 2620 series (HKLM\...\{C6EC8A4B-A7A4-4F3F-9CA8-2209165FE4C2}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8773 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Spotify (HKU\S-1-5-21-703038861-3985118866-2051808413-1005\...\Spotify) (Version: 0.6.5 - )
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.5.01.04060 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 4.0.0.0811 - Sony)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.0.0.03050 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.0.06210 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.8.0.08120 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-11-2014 10:10:46 Windows Update
01-12-2014 09:12:44 Windows Backup
04-12-2014 09:32:01 Removed Oasis2Service
07-12-2014 20:10:47 Windows Backup
08-12-2014 01:11:20 Windows Update
12-12-2014 19:39:26 Windows Update
13-12-2014 09:28:46 Windows Update
03-01-2015 10:36:12 Windows Backup
03-01-2015 10:38:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-04 21:55 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
54.235.90.58 hjjjegfhiceggepdokloeepnhlfnedkk

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {040CBEAC-A0AF-45BE-90B6-5C5D9296E7FF} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {21118122-1CEF-4DE9-8911-FC767844692D} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-27] (Jelbrus)
Task: {2CE2C9AB-0CAE-4A7A-8F73-40533824FC94} - System32\Tasks\HPCustParticipation HP Officejet 2620 series => C:\Program Files\HP\HP Officejet 2620 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {33D8D9FA-A12B-4D7F-9ACE-B62A6D6FD5E7} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {348EA7D0-AD58-4710-9B91-B477F63D1FA3} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {4B9965CE-7B70-4B44-8F4A-3CFFD6C42D1E} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {4CAA4B80-8048-49C7-8F1C-AD80D5137E06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {54F279D7-11BA-4E37-955F-EDA79514612E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {5C67836E-2409-4E2F-A14D-B387CB10BA1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005UA => C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {65117D7D-3FC9-4352-9CBD-8490C8C41F3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {67972725-4551-4D78-88AE-67663CFB0FA3} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-02] (Digital Delivery Networks, Inc.)
Task: {7E4B7796-3E19-4CDE-A61E-D0C7010E199C} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-08-06] (Sony Electronics, Inc.)
Task: {83F361A0-65C2-4C6A-83CD-AA39C461A7F8} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {8A187B75-3633-4A5B-BCBC-699BE1612305} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A36B33E9-E83C-4893-90BE-9F1D8D5AC58A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {AFFD54E8-0C99-4F40-B914-070976EBCD4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {BFBDC5FA-59BA-4838-84EE-7AB86B71868C} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-02] (Digital Delivery Networks, Inc.)
Task: {D00829A2-4F11-4564-A858-88EF505EA92F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION
Task: {D06DEC9F-B3D7-43D0-AC0E-78A39EDB5E9E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {E2E38DB2-B5AF-48CD-93A4-66700B4F3E99} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {E40186F1-AC83-4EFD-84FB-9AAB6039FCF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6D58DA1-AB81-4A5B-8EAF-197BF7EBD3E6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005Core => C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E819843C-2061-48AA-B5D2-8CE816BCF4E4} - System32\Tasks\VAIO® Messenger (Patrick) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-02] (Digital Delivery Networks, Inc.)
Task: {F38D9515-F482-49C3-95EC-93ED21617AFA} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {F5D94577-3660-4C98-ADB0-56844016B0A3} - \GPUP No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005Core.job => C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-703038861-3985118866-2051808413-1005UA.job => C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 18:17 - 2010-01-09 18:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-20 23:40 - 2010-01-20 23:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-29 18:46 - 2011-03-29 01:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-15 21:48 - 2014-06-20 13:29 - 03951472 _____ () C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
2012-02-19 16:07 - 2009-07-24 16:17 - 00238080 _____ () C:\Program Files\Sony\VAIO Care\ManagedVAIORecovery.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00074240 _____ () C:\Program Files\Sony\VAIO Care\VAIORecovery.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00069120 _____ () C:\Program Files\Sony\VAIO Care\Logging.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00027648 _____ () C:\Program Files\Sony\VAIO Care\VAIOCommon.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00207360 _____ () C:\Program Files\Sony\VAIO Care\OsServices.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00042496 _____ () C:\Program Files\Sony\VAIO Care\PluginFactory.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\XMLTools.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00059392 _____ () C:\Program Files\Sony\VAIO Care\VAIOInstallAppsDrivers.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00155136 _____ () C:\Program Files\Sony\VAIO Care\InstallDB.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00137216 _____ () C:\Program Files\Sony\VAIO Care\InstallationTools.dll
2012-02-19 16:07 - 2009-07-24 16:17 - 00024576 _____ () C:\Program Files\Sony\VAIO Care\VAIOUtility.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 11:16 - 2014-01-20 11:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-03 23:49 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2013-09-13 23:51 - 2013-09-13 23:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-13 23:50 - 2013-09-13 23:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-01-09 18:18 - 2010-01-09 18:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-20 23:34 - 2010-01-20 23:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-10 13:51 - 2012-08-10 13:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-10-18 10:30 - 2014-10-18 10:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-05-03 23:18 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-11 10:27 - 2013-07-02 23:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2013-07-11 10:27 - 2013-07-02 23:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-703038861-3985118866-2051808413-500 - Administrator - Disabled)
Guest (S-1-5-21-703038861-3985118866-2051808413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-703038861-3985118866-2051808413-1007 - Limited - Enabled)
Patrick (S-1-5-21-703038861-3985118866-2051808413-1005 - Administrator - Enabled) => C:\Users\Patrick

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2015 11:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3791

Error: (01/03/2015 11:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3791

Error: (01/03/2015 11:14:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/03/2015 10:23:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\avast.setup Files\AVAST Software\Avast\setup\avast.setup"  /uninstwiz ; Description = avast! Free Antivirus Setup; Error = 0x8007043c).

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26268088

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26268088

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5959

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5959

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (01/03/2015 11:16:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F4396DC6-E851-4D3A-8D01-34E6949F3500}

Error: (01/03/2015 11:14:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (01/03/2015 10:29:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3009736).

Error: (01/03/2015 10:29:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3008923).

Error: (01/03/2015 10:29:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3014406).

Error: (01/03/2015 10:29:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3013126).

Error: (01/03/2015 10:29:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2952664).

Error: (01/03/2015 10:22:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/03/2015 10:22:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/03/2015 10:22:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (01/03/2015 11:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3791

Error: (01/03/2015 11:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3791

Error: (01/03/2015 11:14:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/03/2015 10:23:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\AVAST Software\Avast\setup\avast.setup Files\AVAST Software\Avast\setup\avast.setup"  /uninstwiz avast! Free Antivirus Setup0x8007043c

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26268088

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26268088

Error: (12/13/2014 09:28:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5959

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5959

Error: (12/13/2014 02:10:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 4043.86 MB
Available physical RAM: 2382.06 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6027.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:31.36 GB) NTFS
Drive d: (My Book) (Fixed) (Total:465.65 GB) (Free:62.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10.3 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

 

Let me know if you need any additional information!

 

-Patrick

 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 03 January 2015 - 01:45 PM

Thanks Patrick,

Could you post the new FRST.txt log as well?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 06 January 2015 - 10:00 AM

Hi Patrick,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users