PUP.Optional.MyScrapNook.A & Trojan.FakeAlert detected


Below is the 'after' Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
< user >

07/12/2013 11:22:39
mbam-log-2013-12-07 (11-22-39).txt

Scan type: Full scan (C:\|D:\|E:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415841
Time elapsed: 2 hour(s), 14 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\MyScrapNook_12Installer.Start (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12Installer.Start.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YiIjNuJIAS.exe (Trojan.FakeAlert) -> Data: I:\User\TMP\YiIjNuJIAS.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

My wife's computer kept returning 'disk full' errors over the last couple of months. We also run WOT browser protection in IE and I noticed that it was prevented from running: it never occurred to me that it might be a virus until I Googled the symptoms. A post here (or maybe HijackThis) said to scan with MB and with SuperAntiSpyware. MB found & deleted the above, SAS only found four tracking cookies - DoubleClick and three I've never heard of - and I deleted them, even though it said they were not actually harmful.

 

The symptoms are now gone and latest scans are 'no threats found' (hurrah!), but I have no idea if any damage was done, or if there may be a problem still hidden. Should I do anything else?

 

Many thanks,

 

Chris


:welcome:
 

Let's collect additional information off the system to see if we can spot the issue.

Please download DDS from the link below and save it to your desktop:
Note: Be sure to select Save as Type > All Types

Download one of the DDS tools from the location below and save to your Desktop
dds.scr - http://download.bleepingcomputer.com/sUBs/dds.scr
dds.com - http://download.bleepingcomputer.com/sUBs/dds.com

Double click dds.scr to run the tool.

It will automatically run; all you will see is a small message saying DDS is running in silent mode, then a message saying 2 logs shall be created on your Desktop.

When done, DDS will have saved 2 logs to your desktop:
1. DDS.txt
2. Attach.txt

Please attach both logs in your next reply.


Thanks for the reply Larry (sorry for the slight delay - I didn't realise you had replied).

 

Logs copied & pasted below:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by **** at 15:35:37 on 2013-12-13
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3002.1552 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
d:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
d:\Program Files\Malwarebytes\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
D:\Program Files\realplayer\Update\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Apoint\ApMsgFwd.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.



BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [5085195] i:\user\tmp\5085195.exe
uRun: [sUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "d:\program files\realplayer\update\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Launchpad] c:\program files\windows server\bin\Launchpad.exe -autostart
mRun: [skytel] Skytel.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.






TCP: NameServer = 192.168.1.254
TCP: Interfaces\{776A9614-3E3A-4350-A780-A90AEAE6BF27} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EA854BEC-15D0-40B1-B9F6-E093D1B667C7} : DHCPNameServer = 192.168.1.254
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - d:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - d:\program files\libronix dls\system\ResProt.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2008-7-7 22560]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HealthAlertsSvc;Windows Server Health Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
R2 LANConfig;Windows Server LAN Configuration;c:\program files\windows server\bin\LANConfigSvc.exe [2011-3-2 27520]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes\mbamscheduler.exe [2013-12-7 418376]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-9-22 299008]
R2 providers_system;Windows Server Download Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-7 98304]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\windows server\bin\ProviderRegistryService.exe [2012-11-2 41568]
R2 SqmProviderSvc;Windows Server SQM Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-7 411488]
R2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\windows server\bin\WSConnectorUpdate.exe [2011-3-2 162176]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-3-2 53504]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-4-9 224384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-7 22856]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-1-7 9344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2008-1-7 14720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 initMonitor;Windows Server Initialization Service;c:\program files\windows server\bin\SharedServiceHost.exe [2011-3-2 30592]
S2 MBAMService;MBAMService;d:\program files\malwarebytes\mbamservice.exe [2013-12-7 701512]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-7 28464]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-31 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-31 11088]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="d:\program files\arcsoft\totalmedia extreme\digital theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-12 18:06:22 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4fbfa14-77c3-46bc-9fce-6929fcd8b9e7}\mpengine.dll
2013-12-11 10:25:46 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-11 07:42:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 07:42:33 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 07:42:33 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 07:42:32 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 07:42:31 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 07:42:31 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 07:42:31 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 07:42:31 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 07:42:31 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 07:42:30 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-07 19:54:00 -------- d-----w- c:\program files\WOT
2013-12-07 15:51:19 -------- d-----w- c:\users\anna\appdata\roaming\SUPERAntiSpyware.com
2013-12-07 15:50:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-07 11:21:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-06 11:18:08 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ae2a31b4-6bce-41eb-8412-c675cf31574d}\gapaengine.dll
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-17 06:44:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-17 06:44:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2008-10-11 11:15:17 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 15:36:36.52 ===============

.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 22/09/2008 18:56:31
System Uptime: 13/12/2013 13:35:50 (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | N/A | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 65 GiB total, 19.016 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.295 GiB free.
E: is FIXED (NTFS) - 200 GiB total, 83.446 GiB free.
F: is Removable
G: is Removable
H: is CDROM ()
I: is FIXED (NTFS) - 11 GiB total, 7.776 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP1265: 06/12/2013 13:57:04 - Scheduled Checkpoint
RP1266: 07/12/2013 19:53:35 - Installed WOT for Internet Explorer
RP1267: 09/12/2013 08:53:25 - Windows Update
RP1268: 10/12/2013 13:12:36 - Scheduled Checkpoint
RP1269: 11/12/2013 13:26:50 - Scheduled Checkpoint
RP1270: 11/12/2013 19:07:52 - Windows Update
RP1271: 12/12/2013 13:43:35 - Scheduled Checkpoint
RP1272: 13/12/2013 13:49:33 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Alps Pointing-device for VAIO
Amazon MP3 Downloader 1.0.9
Apple Software Update
Aqua Bubble
Arcade Lines 1.81
ArcSoft TotalMedia Extreme
ArcSoft WebCam Companion 2
Bible Data Type System Files
Canon Inkjet Printer Driver Add-On Module
Canon MP Navigator 1.0
Canon MP780
Canon ScanGear Starter
Common System Files
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
CyberLink PhotoNow
CyberLink PowerDirector
Defraggler
Family Tree Maker 2009
Family Tree Maker 2010
Family Tree Maker 2012
FastStone Image Viewer 3.6
Google Earth
Graphical Query Editor
HD Writer AE 2.0
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Board Games 2003
Hoyle Puzzle and Board Games
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Jane Greenoff Pattern Creator 2
Java 6 Update 10
Java 6 Update 6
Java 6 Update 7
Libronix Digital Library System
Libronix DLS Application
LibronixUpdate
LLS Resource Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft AutoRoute 2002
Microsoft Easy Assist v2
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Sounds
Microsoft Outlook Personal Folders Backup
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft WSE 3.0
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Club VAIO
Nikon Scan
NVIDIA Drivers
OEB Resource Driver
OGA Notifier 2.0.0048.0
Partition Wizard Home Edition 4.2.2
PDF Resource Driver
Protector Suite QL 5.6
QuickTime
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sentence Diagramming
Setting Utility Series
SmartSound Quicktracks Plugin
SpywareBlaster 4.6
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VAIO Control Center
VAIO Data Restore Tool
VAIO Event Service
VAIO Guide
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Wallpaper Contents
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIDCOMM Bluetooth Software 6.1.0.2200
Windows Home Server 2011 Connector
Windows Installer Clean Up
Windows Media Encoder 9 Series
WinDVD for VAIO
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
13/12/2013 08:55:45, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/12/2013 08:54:06, Error: volmgr [46] - Crash dump initialization failed!
10/12/2013 09:25:42, Error: EventLog [6008] - The previous system shutdown at 08:18:55 on 10/12/2013 was unexpected.
.
==== End Of File ===========================

 

(No idea why the font changed - sorry.)

 

Cheers,

 

Chris


On the whole it looks okay, except that the disk space on 'C' is filling up quickly again: It's down to 18.8 GB free, that's five or six gig used in a week. Perhaps it's the MB & SAS I installed - plus some huge Windows updates this week? Would clearing out the Restore Points be all that's required?

 

Many thanks again Larry,

 

Cheers,

 

Chris


Personally I'd uninstall SUPERAntiSpyware

Then I suggest you do this:

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.

    Under Main choose: Select All

    Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

I've uninstalled SAS & run ATF Cleaner, as you suggested. I also cleared 'all but the last' Restore Points & my wife now has 29.6GB of free space on 'C' - more than it's been for a long time.

 

Thanks once again for looking at this Larry - your help (& reassurance) is hugely appreciated.

 

Unless you say otherwise, I'll take your last reply as 'mission accomplished'.

 

Happy Christmas Larry,

 

Cheers,

 

Chris   :)

This topic is now closed to further replies.