Solved Constant Avast alerts: trojan/malware/rootkit

[Reece]

[FONT=Arial]Hello all,[/FONT]

[FONT=Arial]Despite antivirus scans, I am experiencing constant Avast pop-ups on my parents' Sony VAIO laptop. It has Vista 32-bit.[/FONT]

[FONT=Arial]I have followed the instructions from the "5 Steps" thread.[/FONT]

[FONT=Arial]Steps 1 and 2:[/FONT]

[FONT=Arial]I have run a quick, full and boot-time scan of Avast, which obviously detected threats. If details on the infected files are required, please ask. I then did quick scan with Malwarebytes, which found no threats but the log is detailed below: [/FONT]

[FONT=Arial]Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org[/FONT]

[FONT=Arial]Database version: v2012.08.18.06[/FONT]

[FONT=Arial]Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carl and Sarah :: CARLANDSARAH-PC [administrator][/FONT]

[FONT=Arial]Protection: Enabled[/FONT]

[FONT=Arial]19/08/2012 11:52:01
mbam-log-2012-08-19 (11-52-01).txt[/FONT]

[FONT=Arial]Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197321
Time elapsed: 6 minute(s), 33 second(s)[/FONT]

[FONT=Arial]Memory Processes Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Memory Modules Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Registry Keys Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Registry Values Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Registry Data Items Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Folders Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial]Files Detected: 0
(No malicious items detected)[/FONT]

[FONT=Arial](end)[/FONT]

[FONT=Arial](Step 3):[/FONT]

[FONT=Arial]I'm sorry but the GMER log is simply too long to be pasted so I have no choice but to attach it. It is over 517,000 characters long. If this is still refused then I apologise but please understand that selecting, separating, pasting and posting with the 50,000 limit in mind will take a long time which I currently don't have at the time of writing - I don't wish to wait for another time either and lose the hours of progress so far. Perhaps if it really must be a requirement I will post the log in replies at a later time but since this will be spread 10 or more posts I feel that an attachment would benefit everyone despite the rules. Again, my apologies.[/FONT]

[FONT=Arial](Step 4):[/FONT]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Carl and Sarah at 13:36:36 on 2012-08-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.937 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Carl and Sarah\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Users\Carl and Sarah\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginmedia.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\carl and sarah\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Skytel] Skytel.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F3240F0A-EFB2-4F33-8962-A669CF010825} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-3 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-3 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-3 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-18 655944]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2012-7-3 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-10 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-18 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-19 40776]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-5 250056]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2012-7-3 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 135664]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2012-7-3 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2012-7-3 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2012-7-3 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2012-7-3 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2012-7-3 83232]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2012-7-5 722288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-19 10:51:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-18 20:32:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 12:02:59 -------- d-----w- c:\users\carl and sarah\appdata\roaming\Malwarebytes
2012-08-18 12:01:39 -------- d-----w- c:\programdata\Malwarebytes
2012-08-18 12:01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 11:46:18 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4698c42e-74b7-40d9-bab6-a569a3da94e5}\mpengine.dll
2012-08-04 18:01:42 -------- d-----w- c:\users\carl and sarah\appdata\local\Apple Computer
2012-08-04 18:01:13 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-04 18:01:13 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-04 17:59:19 -------- d-----w- c:\program files\iPod
2012-08-04 17:59:16 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-04 17:59:16 -------- d-----w- c:\program files\iTunes
2012-08-04 17:58:14 -------- d-----w- c:\users\carl and sarah\appdata\local\Apple
2012-08-04 17:53:56 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2012-08-18 15:35:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 15:35:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 15:40:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-10 15:39:59 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-07-10 15:39:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-10 15:39:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-10 15:39:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-10 15:39:58 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-10 15:39:58 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-10 15:39:58 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 15:39:58 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:37:36.66 ===============

[FONT=Times New Roman] [/FONT]

 

[Reece]

...And this is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 03/07/2012 22:09:00
System Uptime: 19/08/2012 00:28:06 (13 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | N/A | 1333/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 161.117 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
µTorrent
avast! Free Antivirus
Big Fish Games Game Suite
Bonjour
Browser Address Error Redirector
Business Contact Manager for Outlook 2007 SP2
Click to Disc
Click to Disc Editor
DJ_AIO_03_F4200_Software_Min
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4200 All-In-One Driver 11.0 03
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 6
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
OpenMG Secure Module 5.1.00
Picasa 2
Primo
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setting Utility Series
Skype™ 3.8
Sony Picture Utility
Sony Video Shared Library
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
WinDVD for VAIO
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
19/08/2012 11:48:25, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
19/08/2012 11:48:25, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
19/08/2012 11:48:25, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
19/08/2012 11:48:25, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/08/2012 11:47:25, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
18/08/2012 16:24:12, Error: EventLog [6008] - The previous system shutdown at 16:21:03 on 18/08/2012 was unexpected.
18/08/2012 11:45:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
14/08/2012 22:16:58, Error: EventLog [6008] - The previous system shutdown at 22:10:04 on 14/08/2012 was unexpected.
.
==== End Of File ===========================

 

[Reece]

Here is the GMER log. If this is refused then perhaps someone could advise me on an alternative way of uploading?

EDIT: I forgot to mention that during the Avast boot-scan, it found an infected file in the Windows folder. I chose to move to chest anyway, but after that the computer says on the desktop that "This copy of Windows is not genuine" and has prompted me to activate it.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Reece]

Thank you for your helpful reply Broni. I have followed your instructions and hope these logs are of use.

rKill:

Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2012 05:34:27 PM in x86 mode.
Windows Version: Windows Vista

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* CscService [Missing Service]
* Fax [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* UmRdpService [Missing Service]
* wbengine [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe : 279,040 : 01/21/2008 00:24 AM : 2b336ab6286d6c81fa02cbab914e3c6c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe : 279,552 : 04/11/2009 00:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]

Program finished at: 08/20/2012 05:35:29 PM
Execution time: 0 hours(s), 1 minute(s), and 1 seconds(s)

aswMBR:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 17:37:17
-----------------------------
17:37:17.940 OS Version: Windows 6.0.6002 Service Pack 2
17:37:17.940 Number of processors: 2 586 0xF0D
17:37:17.946 ComputerName: CARLANDSARAH-PC UserName: Carl and Sarah
17:37:23.767 Initialize success
17:37:24.085 AVAST engine defs: 12082000
17:38:02.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:38:02.951 Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3
17:38:02.982 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005f
17:38:02.982 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
17:38:02.982 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000060
17:38:02.998 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
17:38:03.544 Disk 0 MBR read successfully
17:38:03.590 Disk 0 MBR scan
17:38:03.606 Disk 0 Windows VISTA default MBR code
17:38:03.715 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8152 MB offset 2048
17:38:03.903 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230321 MB offset 16697344
17:38:04.527 Disk 0 scanning sectors +488395120
17:38:05.683 Disk 0 scanning C:\Windows\system32\drivers
17:39:59.653 Service scanning
17:40:22.784 Modules scanning
17:42:09.731 Disk 0 trace - called modules:
17:42:09.785 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
17:42:09.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8693fac8]
17:42:09.806 3 CLASSPNP.SYS[8aba98b3] -> nt!IofCallDriver -> [0x85841cb8]
17:42:09.817 5 acpi.sys[8a2a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85847028]
17:42:13.791 AVAST engine scan C:\Windows
17:43:18.557 AVAST engine scan C:\Windows\system32
17:50:20.625 AVAST engine scan C:\Windows\system32\drivers
17:53:23.265 AVAST engine scan C:\Users\Carl and Sarah
18:57:25.849 AVAST engine scan C:\ProgramData
19:10:47.767 Scan finished successfully
19:33:08.637 Disk 0 MBR has been saved successfully to "C:\Users\Carl and Sarah\Desktop\MBR.dat"
19:33:08.652 The log file has been saved successfully to "C:\Users\Carl and Sarah\Desktop\aswMBR.txt"

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Reece]

On my first attempt at running Combofix, it ran but did not disconnect the Internet. On the second attempt, I received the following error message:

Error opening for writing@

C:\32788R22FWJFW\License\iexplore.exe

Click Abort to stop the installation,
Retry to try again, or
Ignore to skip the this file.

Retry didn't work, so I Aborted. I then followed your instructions for rKill and Combofix in Safe Mode. However I'm not entirely sure if Combofix completed successfully, as the computer restarted on its own and I can't find a log - it's not on the C drive.

Here is the rKill log:


Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 05:59:33 PM in x86 mode.
Windows Version: Windows Vista Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe : 279,040 : 01/21/2008 00:24 AM : 2b336ab6286d6c81fa02cbab914e3c6c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe : 279,552 : 04/11/2009 00:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]

Program finished at: 08/21/2012 06:01:27 PM
Execution time: 0 hours(s), 1 minute(s), and 54 seconds(s)

 

[Broni]

Retry Combofix from safe mode one more time.

 

[Reece]

I retried a few more times and I think I finally got it to work. I should note that Combofix alerted me that Avast was still running - however, the program does not run real-time protection in Safe Mode and I ensured that the shields were disabled. I'm assuming this was a false alarm but felt I should mention it all the same.

rKill:

Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/22/2012 12:05:16 PM in x86 mode.
Windows Version: Windows Vista Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/22/2012 12:05:28 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

Combofix:

ComboFix 12-08-20.02 - Carl and Sarah 22/08/2012 12:09:09.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.2488 [GMT 1:00]
Running from: c:\users\Carl and Sarah\Desktop\your_name.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 11:15 . 2012-08-22 11:16--------d-----w-c:\users\Carl and Sarah\AppData\Local\temp
2012-08-22 11:15 . 2012-08-22 11:15--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-22 10:04 . 2012-08-22 10:12--------d-----w-C:\your_name
2012-08-18 20:32 . 2012-07-03 12:4622344----a-w-c:\windows\system32\drivers\mbam.sys
2012-08-18 12:02 . 2012-08-18 12:02--------d-----w-c:\users\Carl and Sarah\AppData\Roaming\Malwarebytes
2012-08-18 12:01 . 2012-08-18 12:01--------d-----w-c:\programdata\Malwarebytes
2012-08-18 12:01 . 2012-08-18 20:32--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-08-10 11:46 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{4698C42E-74B7-40D9-BAB6-A569A3DA94E5}\mpengine.dll
2012-08-04 18:01 . 2012-08-04 18:02--------d-----w-c:\users\Carl and Sarah\AppData\Roaming\Apple Computer
2012-08-04 18:01 . 2012-08-04 18:01--------d-----w-c:\users\Carl and Sarah\AppData\Local\Apple Computer
2012-08-04 18:01 . 2012-08-04 18:01--------dc----w-c:\windows\system32\DRVSTORE
2012-08-04 18:01 . 2009-05-18 12:1726600----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-04 18:01 . 2008-04-17 11:12107368----a-w-c:\windows\system32\GEARAspi.dll
2012-08-04 17:59 . 2012-08-04 17:59--------d-----w-c:\program files\iPod
2012-08-04 17:59 . 2012-08-04 18:01--------d-----w-c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-04 17:59 . 2012-08-04 18:01--------d-----w-c:\program files\iTunes
2012-08-04 17:59 . 2012-08-04 17:59--------d-----w-c:\programdata\Apple Computer
2012-08-04 17:58 . 2012-08-04 17:58--------d-----w-c:\users\Carl and Sarah\AppData\Local\Apple
2012-08-04 17:57 . 2012-08-04 17:57--------d-----w-c:\program files\Apple Software Update
2012-08-04 17:53 . 2012-08-04 17:53--------d-----w-c:\program files\Bonjour
2012-08-04 17:53 . 2012-08-04 17:59--------d-----w-c:\program files\Common Files\Apple
2012-08-04 17:53 . 2012-08-04 17:57--------d-----w-c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 15:35 . 2012-07-04 23:0170344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 15:35 . 2012-07-04 23:01426184----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-07-10 15:41 . 2012-07-10 15:4186528----a-w-c:\windows\system32\iesysprep.dll
2012-07-10 15:41 . 2012-07-10 15:4176800----a-w-c:\windows\system32\SetIEInstalledDate.exe
2012-07-10 15:41 . 2012-07-10 15:4174752----a-w-c:\windows\system32\RegisterIEPKEYs.exe
2012-07-10 15:41 . 2012-07-10 15:4148640----a-w-c:\windows\system32\mshtmler.dll
2012-07-10 15:41 . 2012-07-10 15:41161792----a-w-c:\windows\system32\msls31.dll
2012-07-10 15:41 . 2012-07-10 15:4174752----a-w-c:\windows\system32\iesetup.dll
2012-07-10 15:41 . 2012-07-10 15:4163488----a-w-c:\windows\system32\tdc.ocx
2012-07-10 15:41 . 2012-07-10 15:41420864----a-w-c:\windows\system32\vbscript.dll
2012-07-10 15:41 . 2012-07-10 15:41367104----a-w-c:\windows\system32\html.iec
2012-07-10 15:41 . 2012-07-10 15:4123552----a-w-c:\windows\system32\licmgr10.dll
2012-07-10 15:41 . 2012-07-10 15:41152064----a-w-c:\windows\system32\wextract.exe
2012-07-10 15:41 . 2012-07-10 15:41150528----a-w-c:\windows\system32\iexpress.exe
2012-07-10 15:41 . 2012-07-10 15:4135840----a-w-c:\windows\system32\imgutil.dll
2012-07-10 15:41 . 2012-07-10 15:4111776----a-w-c:\windows\system32\mshta.exe
2012-07-10 15:41 . 2012-07-10 15:41110592----a-w-c:\windows\system32\IEAdvpack.dll
2012-07-10 15:41 . 2012-07-10 15:41101888----a-w-c:\windows\system32\admparse.dll
2012-07-10 15:40 . 2012-07-10 15:40979456----a-w-c:\windows\system32\MFH264Dec.dll
2012-07-10 15:40 . 2012-07-10 15:40357376----a-w-c:\windows\system32\MFHEAACdec.dll
2012-07-10 15:40 . 2012-07-10 15:40302592----a-w-c:\windows\system32\mfmp4src.dll
2012-07-10 15:40 . 2012-07-10 15:4098816----a-w-c:\windows\system32\mfps.dll
2012-07-10 15:40 . 2012-07-10 15:40586240----a-w-c:\windows\system32\stobject.dll
2012-07-10 15:40 . 2012-07-10 15:402873344----a-w-c:\windows\system32\mf.dll
2012-07-10 15:40 . 2012-07-10 15:40261632----a-w-c:\windows\system32\mfreadwrite.dll
2012-07-10 15:40 . 2012-07-10 15:40209920----a-w-c:\windows\system32\mfplat.dll
2012-07-10 15:40 . 2012-07-10 15:40135680----a-w-c:\windows\system32\XpsRasterService.dll
2012-07-10 15:40 . 2012-07-10 15:40847360----a-w-c:\windows\system32\OpcServices.dll
2012-07-10 15:40 . 2012-07-10 15:40667648----a-w-c:\windows\system32\printfilterpipelinesvc.exe
2012-07-10 15:40 . 2012-07-10 15:40638336----a-w-c:\windows\system32\drivers\dxgkrnl.sys
2012-07-10 15:40 . 2012-07-10 15:40486400----a-w-c:\windows\system32\d3d10level9.dll
2012-07-10 15:40 . 2012-07-10 15:40478720----a-w-c:\windows\system32\dxgi.dll
2012-07-10 15:40 . 2012-07-10 15:4037376----a-w-c:\windows\system32\cdd.dll
2012-07-10 15:40 . 2012-07-10 15:4026112----a-w-c:\windows\system32\printfilterpipelineprxy.dll
2012-07-10 15:40 . 2012-07-10 15:40258048----a-w-c:\windows\system32\winspool.drv
2012-07-10 15:40 . 2012-07-10 15:40189952----a-w-c:\windows\system32\d3d10core.dll
2012-07-10 15:40 . 2012-07-10 15:401554432----a-w-c:\windows\system32\xpsservices.dll
2012-07-10 15:40 . 2012-07-10 15:401029120----a-w-c:\windows\system32\d3d10.dll
2012-07-10 15:39 . 2012-07-10 15:394096----a-w-c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-10 15:39 . 2012-07-10 15:39369664----a-w-c:\windows\system32\WMPhoto.dll
2012-07-10 15:39 . 2012-07-10 15:39252928----a-w-c:\windows\system32\dxdiag.exe
2012-07-10 15:39 . 2012-07-10 15:39195584----a-w-c:\windows\system32\dxdiagn.dll
2012-07-10 15:39 . 2012-07-10 15:39974848----a-w-c:\windows\system32\WindowsCodecs.dll
2012-07-10 15:39 . 2012-07-10 15:39519680----a-w-c:\windows\system32\d3d11.dll
2012-07-10 15:39 . 2012-07-10 15:39321024----a-w-c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 15:39 . 2012-07-10 15:39189440----a-w-c:\windows\system32\WindowsCodecsExt.dll
2012-07-03 16:21 . 2012-07-03 15:2554232----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-07-03 15:25353688----a-w-c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-07-03 15:2521256----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-07-03 15:2535928----a-w-c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2012-07-03 15:25721000----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-07-03 15:2557656----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-07-03 15:2341224----a-w-c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-07-03 15:23227648----a-w-c:\windows\system32\aswBoot.exe
2012-06-13 13:40 . 2012-07-11 22:332047488----a-w-c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 22:011401856----a-w-c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 22:011248768----a-w-c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 22:01440704----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-07-10 13:4353784----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-10 13:4345080----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-10 13:4335864----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-10 13:43577048----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-10 13:431933848----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-10 13:432422272----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-10 13:4388576----a-w-c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-07-10 13:43171904----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-07-10 13:4333792----a-w-c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 22:261800192----a-w-c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:261129472----a-w-c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:261427968----a-w-c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:26142848----a-w-c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:262382848----a-w-c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 22:01278528----a-w-c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 22:01204288----a-w-c:\windows\system32\ncrypt.dll
2012-05-31 11:25 . 2012-07-09 07:01237072------w-c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21121528----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2012-07-03 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2012-07-03 24576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:2898304----a-w-c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 15:35]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-04 23:02]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-04 23:02]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1655745397-1483904842-2566182057-1003Core.job
- c:\users\Carl and Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 14:59]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1655745397-1483904842-2566182057-1003UA.job
- c:\users\Carl and Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 12:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-22 12:17:49
ComboFix-quarantined-files.txt 2012-08-22 11:17
.
Pre-Run: 180,350,218,240 bytes free
Post-Run: 180,410,400,768 bytes free
.
- - End Of File - - 82DE6098D674308F558DFE241F77F195

So far I have had no pop-ups and the "this copy of Windows is not genuine" text on the wallpaper is now gone. Is the cleaning complete? If so you have my sincerest gratitude. I will continue checking this thread though to see your confirmation.

 

[Broni]

Good news

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Reece]

OTL.txt:

OTL logfile created on: 24/08/2012 17:22:42 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Carl and Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.36% Memory free
5.96 Gb Paging File | 4.68 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.92 Gb Total Space | 164.14 Gb Free Space | 72.98% Space Free | Partition Type: NTFS

Computer Name: CARLANDSARAH-PC | User Name: Carl and Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/24 17:20:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Carl and Sarah\Desktop\OTL.exe
PRC - [2012/08/18 16:35:11 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/13 07:08:45 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Carl and Sarah\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/03 22:37:48 | 000,024,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/09 13:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/07/07 20:28:04 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/07 20:28:04 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/03 07:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/06/28 05:01:34 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/20 03:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/04 04:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/03/25 12:28:02 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
PRC - [2008/03/25 12:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 22:46:05 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012/07/11 22:46:02 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/07/11 22:45:59 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/07/11 22:45:54 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/07/11 22:45:53 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/07/11 20:08:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/07/11 20:07:54 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/07/11 20:07:31 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/07/11 20:07:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/07/10 20:49:07 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/07/10 20:48:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/07/10 20:48:19 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/07/10 20:46:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/07/10 20:46:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/07/03 22:28:38 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/07/10 00:21:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/07/10 00:21:19 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/18 16:35:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/09 13:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/07 20:28:04 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/03 07:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/12 07:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 07:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 22:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/21 03:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/21 03:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/21 03:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 09:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 09:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 09:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CARLAN~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 17:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/07/09 01:05:17 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/28 02:37:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/21 01:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/10 01:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/10 12:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {323BBAEC-DCCA-4C02-892A-A3C27903D2E4}
IE - HKLM\..\SearchScopes\{323BBAEC-DCCA-4C02-892A-A3C27903D2E4}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\..\SearchScopes,DefaultScope = {323BBAEC-DCCA-4C02-892A-A3C27903D2E4}
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\..\SearchScopes\{323BBAEC-DCCA-4C02-892A-A3C27903D2E4}: "URL" = http://www.google.com/search?q={sea...Encoding}&sourceid=ie7&rlz=1I7SNYK_en-GBGB491
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carl and Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carl and Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/07/13 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl and Sarah\AppData\Roaming\Mozilla\Firefox\extensions
[2012/07/13 14:08:27 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\Carl and Sarah\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Carl and Sarah\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Carl and Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1655745397-1483904842-2566182057-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3240F0A-EFB2-4F33-8962-A669CF010825}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 17:20:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Carl and Sarah\Desktop\OTL.exe
[2012/08/22 12:17:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/22 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\Carl and Sarah\AppData\Local\temp
[2012/08/22 12:17:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/22 11:14:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/22 11:04:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/22 11:04:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/22 11:04:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/22 11:04:38 | 000,000,000 | ---D | C] -- C:\your_name
[2012/08/21 17:52:15 | 001,587,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Carl and Sarah\Desktop\iExplore.exe
[2012/08/21 17:51:56 | 001,587,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Carl and Sarah\Desktop\rkill.exe
[2012/08/21 17:50:10 | 004,734,695 | R--- | C] (Swearware) -- C:\Users\Carl and Sarah\Desktop\your_name.exe
[2012/08/21 17:42:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/21 17:41:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/20 17:36:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Carl and Sarah\Desktop\aswMBR.exe
[2012/08/18 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 21:32:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/18 13:02:59 | 000,000,000 | ---D | C] -- C:\Users\Carl and Sarah\AppData\Roaming\Malwarebytes
[2012/08/18 13:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/18 13:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/16 14:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/04 19:01:42 | 000,000,000 | ---D | C] -- C:\Users\Carl and Sarah\AppData\Roaming\Apple Computer
[2012/08/04 19:01:42 | 000,000,000 | ---D | C] -- C:\Users\Carl and Sarah\AppData\Local\Apple Computer
[2012/08/04 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/04 19:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/08/04 18:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/04 18:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/04 18:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/04 18:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/04 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\Carl and Sarah\AppData\Local\Apple
[2012/08/04 18:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/08/04 18:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/04 18:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/08/04 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

========== Files - Modified Within 30 Days ==========

[2012/08/24 17:20:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Carl and Sarah\Desktop\OTL.exe
[2012/08/24 17:19:36 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1655745397-1483904842-2566182057-1003UA.job
[2012/08/24 17:19:36 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/24 17:19:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 17:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 17:19:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 17:19:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 07:43:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/24 07:43:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1655745397-1483904842-2566182057-1003Core.job
[2012/08/22 20:43:46 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 11:22:06 | 000,655,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/22 11:22:06 | 000,126,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/22 11:14:10 | 203,782,848 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/22 10:48:57 | 000,002,049 | ---- | M] () -- C:\Users\Carl and Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 17:52:18 | 001,587,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Carl and Sarah\Desktop\iExplore.exe
[2012/08/21 17:52:04 | 001,587,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Carl and Sarah\Desktop\rkill.exe
[2012/08/21 17:50:03 | 004,734,695 | R--- | M] (Swearware) -- C:\Users\Carl and Sarah\Desktop\your_name.exe
[2012/08/20 19:33:08 | 000,000,512 | ---- | M] () -- C:\Users\Carl and Sarah\Desktop\MBR.dat
[2012/08/20 17:36:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Carl and Sarah\Desktop\aswMBR.exe
[2012/08/19 14:35:30 | 000,029,551 | ---- | M] () -- C:\Users\Carl and Sarah\Desktop\gmer.zip
[2012/08/18 21:32:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 14:51:16 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/18 14:51:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/04 19:01:23 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/08/22 12:28:55 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/22 11:14:10 | 203,782,848 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/22 11:04:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/22 11:04:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/22 11:04:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/22 11:04:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/22 11:04:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/21 17:44:26 | 000,002,049 | ---- | C] () -- C:\Users\Carl and Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/20 19:33:08 | 000,000,512 | ---- | C] () -- C:\Users\Carl and Sarah\Desktop\MBR.dat
[2012/08/19 14:35:30 | 000,029,551 | ---- | C] () -- C:\Users\Carl and Sarah\Desktop\gmer.zip
[2012/08/18 21:32:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 19:01:23 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/04 18:57:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/08 15:22:45 | 000,163,116 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/07/08 15:22:45 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012/07/08 13:43:46 | 000,006,656 | ---- | C] () -- C:\Users\Carl and Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 16:34:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/07/06 16:34:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/07/03 22:46:58 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2012/07/03 17:53:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/07/03 15:11:24 | 000,001,356 | ---- | C] () -- C:\Users\Carl and Sarah\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/07/13 16:51:42 | 000,000,000 | ---D | M] -- C:\Users\Carl and Sarah\AppData\Roaming\uTorrent
[2012/08/22 13:46:22 | 000,030,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of [FONT=Arial]report >[/FONT]

 

[Reece]

[FONT=Arial]Extras.txt:[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]OTL Extras logfile created on: 24/08/2012 17:22:42 - Run 1[/FONT]
[FONT=Arial]OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Carl and Sarah\Desktop[/FONT]
[FONT=Arial]Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation[/FONT]
[FONT=Arial]Internet Explorer (Version = 9.0.8112.16421)[/FONT]
[FONT=Arial]Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.36% Memory free[/FONT]
[FONT=Arial]5.96 Gb Paging File | 4.68 Gb Available in Paging File | 78.50% Paging File free[/FONT]
[FONT=Arial]Paging file location(s): ?:\pagefile.sys [binary data][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files[/FONT]
[FONT=Arial]Drive C: | 224.92 Gb Total Space | 164.14 Gb Free Space | 72.98% Space Free | Partition Type: NTFS[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Computer Name: CARLANDSARAH-PC | User Name: Carl and Sarah | Logged in as Administrator.[/FONT]
[FONT=Arial]Boot Mode: Normal | Scan Mode: All users | Quick Scan[/FONT]
[FONT=Arial]Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Extra Registry (SafeList) ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== File Associations ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][/FONT]
[FONT=Arial].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/FONT]
[FONT=Arial].hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Shell Spawning ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command][/FONT]
[FONT=Arial]batfile [open] -- "%1" %*[/FONT]
[FONT=Arial]cmdfile [open] -- "%1" %*[/FONT]
[FONT=Arial]comfile [open] -- "%1" %*[/FONT]
[FONT=Arial]cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/FONT]
[FONT=Arial]exefile [open] -- "%1" %*[/FONT]
[FONT=Arial]helpfile [open] -- Reg Error: Key error.[/FONT]
[FONT=Arial]hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)[/FONT]
[FONT=Arial]piffile [open] -- "%1" %*[/FONT]
[FONT=Arial]regfile [merge] -- Reg Error: Key error.[/FONT]
[FONT=Arial]scrfile [config] -- "%1"[/FONT]
[FONT=Arial]scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l[/FONT]
[FONT=Arial]scrfile [open] -- "%1" /S[/FONT]
[FONT=Arial]txtfile [edit] -- Reg Error: Key error.[/FONT]
[FONT=Arial]Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1[/FONT]
[FONT=Arial]Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)[/FONT]
[FONT=Arial]Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Arial]Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)[/FONT]
[FONT=Arial]Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)[/FONT]
[FONT=Arial]Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Security Center Settings ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][/FONT]
[FONT=Arial]"cval" = 1[/FONT]
[FONT=Arial]"FirewallDisableNotify" = 0[/FONT]
[FONT=Arial]"AntiVirusDisableNotify" = 0[/FONT]
[FONT=Arial]"UpdatesDisableNotify" = 0[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware][/FONT]
[FONT=Arial]"DisableMonitoring" = 1[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc][/FONT]
[FONT=Arial]"AntiVirusOverride" = 0[/FONT]
[FONT=Arial]"AntiSpywareOverride" = 0[/FONT]
[FONT=Arial]"FirewallOverride" = 0[/FONT]
[FONT=Arial]"VistaSp1" = Reg Error: Unknown registry data type -- File not found[/FONT]
[FONT=Arial]"VistaSp2" = Reg Error: Unknown registry data type -- File not found[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== System Restore Settings ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore][/FONT]
[FONT=Arial]"DisableSR" = 0[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Firewall Settings ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Authorized Applications List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Vista Active Open Ports Exception List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Vista Active Application Exception List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Arial]"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library[/FONT]
[FONT=Arial]"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data[/FONT]
[FONT=Arial]"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support[/FONT]
[FONT=Arial]"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus[/FONT]
[FONT=Arial]"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo[/FONT]
[FONT=Arial]"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher[/FONT]
[FONT=Arial]"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer[/FONT]
[FONT=Arial]"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth[/FONT]
[FONT=Arial]"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148[/FONT]
[FONT=Arial]"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools[/FONT]
[FONT=Arial]"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support[/FONT]
[FONT=Arial]"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO[/FONT]
[FONT=Arial]"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)[/FONT]
[FONT=Arial]"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer[/FONT]
[FONT=Arial]"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting[/FONT]
[FONT=Arial]"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)[/FONT]
[FONT=Arial]"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6[/FONT]
[FONT=Arial]"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide [/FONT]
[FONT=Arial]"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc[/FONT]
[FONT=Arial]"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network[/FONT]
[FONT=Arial]"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile[/FONT]
[FONT=Arial]"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector[/FONT]
[FONT=Arial]"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor[/FONT]
[FONT=Arial]"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox[/FONT]
[FONT=Arial]"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies[/FONT]
[FONT=Arial]"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ[/FONT]
[FONT=Arial]"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)[/FONT]
[FONT=Arial]"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool[/FONT]
[FONT=Arial]"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic[/FONT]
[FONT=Arial]"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update[/FONT]
[FONT=Arial]"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = [/FONT]
[FONT=Arial]"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8[/FONT]
[FONT=Arial]"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management[/FONT]
[FONT=Arial]"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites[/FONT]
[FONT=Arial]"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc[/FONT]
[FONT=Arial]"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes[/FONT]
[FONT=Arial]"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform[/FONT]
[FONT=Arial]"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager[/FONT]
[FONT=Arial]"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data[/FONT]
[FONT=Arial]"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable[/FONT]
[FONT=Arial]"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center[/FONT]
[FONT=Arial]"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio[/FONT]
[FONT=Arial]"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client[/FONT]
[FONT=Arial]"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update[/FONT]
[FONT=Arial]"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour[/FONT]
[FONT=Arial]"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting[/FONT]
[FONT=Arial]"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02[/FONT]
[FONT=Arial]"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story[/FONT]
[FONT=Arial]"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support[/FONT]
[FONT=Arial]"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007[/FONT]
[FONT=Arial]"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007[/FONT]
[FONT=Arial]"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007[/FONT]
[FONT=Arial]"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007[/FONT]
[FONT=Arial]"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007[/FONT]
[FONT=Arial]"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In[/FONT]
[FONT=Arial]"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components[/FONT]
[FONT=Arial]"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = [/FONT]
[FONT=Arial]"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music[/FONT]
[FONT=Arial]"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2[/FONT]
[FONT=Arial]"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161[/FONT]
[FONT=Arial]"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform[/FONT]
[FONT=Arial]"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting[/FONT]
[FONT=Arial]"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series[/FONT]
[FONT=Arial]"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper[/FONT]
[FONT=Arial]"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components[/FONT]
[FONT=Arial]"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2[/FONT]
[FONT=Arial]"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story[/FONT]
[FONT=Arial]"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2[/FONT]
[FONT=Arial]"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager[/FONT]
[FONT=Arial]"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy[/FONT]
[FONT=Arial]"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus[/FONT]
[FONT=Arial]"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min[/FONT]
[FONT=Arial]"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00[/FONT]
[FONT=Arial]"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03[/FONT]
[FONT=Arial]"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service[/FONT]
[FONT=Arial]"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan[/FONT]
[FONT=Arial]"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library[/FONT]
[FONT=Arial]"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer[/FONT]
[FONT=Arial]"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1[/FONT]
[FONT=Arial]"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility[/FONT]
[FONT=Arial]"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents[/FONT]
[FONT=Arial]"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer[/FONT]
[FONT=Arial]"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox[/FONT]
[FONT=Arial]"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core[/FONT]
[FONT=Arial]"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library[/FONT]
[FONT=Arial]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver[/FONT]
[FONT=Arial]"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = [/FONT]
[FONT=Arial]"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer[/FONT]
[FONT=Arial]"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager[/FONT]
[FONT=Arial]"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home[/FONT]
[FONT=Arial]"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting[/FONT]
[FONT=Arial]"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites[/FONT]
[FONT=Arial]"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX[/FONT]
[FONT=Arial]"avast" = avast! Free Antivirus[/FONT]
[FONT=Arial]"BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite[/FONT]
[FONT=Arial]"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2[/FONT]
[FONT=Arial]"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP[/FONT]
[FONT=Arial]"dt icon module" = [/FONT]
[FONT=Arial]"ENTERPRISE" = Microsoft Office Enterprise 2007[/FONT]
[FONT=Arial]"Google Desktop" = Google Desktop[/FONT]
[FONT=Arial]"gtfirstboot Setting Request" = [/FONT]
[FONT=Arial]"HDMI" = Intel(R) Graphics Media Accelerator Driver[/FONT]
[FONT=Arial]"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO[/FONT]
[FONT=Arial]"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor[/FONT]
[FONT=Arial]"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00[/FONT]
[FONT=Arial]"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300[/FONT]
[FONT=Arial]"MarketingTools" = VAIO Marketing Tools[/FONT]
[FONT=Arial]"MFU Module" = [/FONT]
[FONT=Arial]"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1[/FONT]
[FONT=Arial]"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile[/FONT]
[FONT=Arial]"Microsoft SQL Server 2005" = Microsoft SQL Server 2005[/FONT]
[FONT=Arial]"Picasa2" = Picasa 2[/FONT]
[FONT=Arial]"SynTPDeinstKey" = Synaptics Pointing Device Driver[/FONT]
[FONT=Arial]"uTorrent" = µTorrent[/FONT]
[FONT=Arial]"VAIO Help and Support" = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== HKEY_USERS Uninstall List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_USERS\S-1-5-21-1655745397-1483904842-2566182057-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Arial]"Google Chrome" = Google Chrome[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Last 20 Event Log Errors ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][ Application Events ][/FONT]
[FONT=Arial]Error - 10/08/2012 14:12:09 | Computer Name = CarlandSarah-PC | Source = Application Hang | ID = 1002[/FONT]
[FONT=Arial]Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting[/FONT]
[FONT=Arial] with Windows and was closed. To see if more information about the problem is available,[/FONT]
[FONT=Arial] check the problem history in the Problem Reports and Solutions control panel. Process[/FONT]
[FONT=Arial] ID: 1440 Start Time: 01cd76ed114af465 Termination Time: 66[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 10/08/2012 15:00:13 | Computer Name = CarlandSarah-PC | Source = Application Error | ID = 1000[/FONT]
[FONT=Arial]Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp[/FONT]
[FONT=Arial] 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception[/FONT]
[FONT=Arial] code 0xc0000005, fault offset 0x004906ea, process id 0x1638, application start time[/FONT]
[FONT=Arial] 0x01cd772a5ee26700.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:16:19 | Computer Name = CarlandSarah-PC | Source = VzCdbSvc | ID = 7[/FONT]
[FONT=Arial]Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error[/FONT]
[FONT=Arial] code = 0x80042019)[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:17:11 | Computer Name = CarlandSarah-PC | Source = WinMgmt | ID = 10[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:21:17 | Computer Name = CarlandSarah-PC | Source = VzCdbSvc | ID = 7[/FONT]
[FONT=Arial]Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error[/FONT]
[FONT=Arial] code = 0x80042019)[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:22:24 | Computer Name = CarlandSarah-PC | Source = WinMgmt | ID = 10[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:30:59 | Computer Name = CarlandSarah-PC | Source = WinMgmt | ID = 10[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:37:26 | Computer Name = CarlandSarah-PC | Source = WinMgmt | ID = 10[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:41:28 | Computer Name = CarlandSarah-PC | Source = VzCdbSvc | ID = 7[/FONT]
[FONT=Arial]Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error[/FONT]
[FONT=Arial] code = 0x80042019)[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 11/08/2012 05:42:21 | Computer Name = CarlandSarah-PC | Source = WinMgmt | ID = 10[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][ System Events ][/FONT]
[FONT=Arial]Error - 03/07/2012 13:11:47 | Computer Name = CarlandSarah-PC | Source = DCOM | ID = 10010[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 03/07/2012 13:11:53 | Computer Name = CarlandSarah-PC | Source = DCOM | ID = 10010[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]< End of report >[/FONT]

 

[Broni]

OTL logs are clean

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Reece]

Security Check:

Results of screen317's Security Check version 0.99.46
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 6
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
FSS:
Farbar Service Scanner Version: 06-08-2012
Ran by Carl and Sarah (administrator) on 25-08-2012 at 11:56:05
Running from "C:\Users\Carl and Sarah\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****

I then used Temp File Cleaner, and I rebooted when it prompted. After reboot, I was given the message "spmgr.exe has stopped working".

ESET Scan found 4 threats:

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{caa5ee3c-35d3-f90c-9790-c88de857afd9}\U\80000000.@.vira variant of Win32/Sirefef.FA trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{caa5ee3c-35d3-f90c-9790-c88de857afd9}\U\800000cb.@.virprobably a variant of Win32/Agent.TEO trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.virWin32/Sirefef.FB.Gen trojandeleted - quarantined

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

========================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

===========================================

We have couple of registry keys missing....

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.

 

[Reece]

New FSS log:
Farbar Service Scanner Version: 06-08-2012
Ran by Carl and Sarah (administrator) on 27-08-2012 at 19:09:49
Running from "C:\Users\Carl and Sarah\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
[FONT=mceinline]Internet Services:[/FONT]
[FONT=mceinline]============[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Connection Status:[/FONT]
[FONT=mceinline]==============[/FONT]
[FONT=mceinline]Localhost is accessible.[/FONT]
[FONT=mceinline]LAN connected.[/FONT]
[FONT=mceinline]Google IP is accessible.[/FONT]
[FONT=mceinline]Google.com is accessible.[/FONT]
[FONT=mceinline]Yahoo IP is accessible.[/FONT]
[FONT=mceinline]Yahoo.com is accessible.[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Windows Firewall:[/FONT]
[FONT=mceinline]=============[/FONT]
[FONT=mceinline]mpsdrv Service is not running. Checking service configuration:[/FONT]
[FONT=mceinline]The start type of mpsdrv service is OK.[/FONT]
[FONT=mceinline]The ImagePath of mpsdrv service is OK.[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]MpsSvc Service is not running. Checking service configuration:[/FONT]
[FONT=mceinline]Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.[/FONT]
[FONT=mceinline]Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.[/FONT]
[FONT=mceinline]Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Firewall Disabled Policy: [/FONT]
[FONT=mceinline]==================[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]System Restore:[/FONT]
[FONT=mceinline]============[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]System Restore Disabled Policy: [/FONT]
[FONT=mceinline]========================[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Security Center:[/FONT]
[FONT=mceinline]============[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Windows Update:[/FONT]
[FONT=mceinline]============[/FONT]
[FONT=mceinline]BITS Service is not running. Checking service configuration:[/FONT]
[FONT=mceinline]Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.[/FONT]
[FONT=mceinline]The ImagePath of BITS service is OK.[/FONT]
[FONT=mceinline]The ServiceDll of BITS service is OK.[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Windows Autoupdate Disabled Policy: [/FONT]
[FONT=mceinline]============================[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Windows Defender:[/FONT]
[FONT=mceinline]==============[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Other Services:[/FONT]
[FONT=mceinline]==============[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]File Check:[/FONT]
[FONT=mceinline]========[/FONT]
[FONT=mceinline]C:\Windows\system32\nsisvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\dhcpcsvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\Drivers\afd.sys => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\Drivers\tdx.sys => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\dnsrslvr.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\mpssvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\bfe.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\SDRSVC.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\vssvc.exe => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\wscsvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\wuaueng.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\qmgr.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\es.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\cryptsvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\svchost.exe => MD5 is legit[/FONT]
[FONT=mceinline]C:\Windows\system32\rpcss.dll => MD5 is legit[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]**** End of log ****[/FONT]

 

[Broni]

We still have couple of keys missing...

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Double click on mpssvc.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

 

[Reece]

Farbar Service Scanner Version: 06-08-2012
Ran by Carl and Sarah (administrator) on 28-08-2012 at 17:50:38
Running from "C:\Users\Carl and Sarah\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Reece]

OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carl and Sarah
->Temp folder emptied: 81642 bytes
->Temporary Internet Files folder emptied: 233137248 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10860815 bytes
->Flash cache emptied: 2823 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7680 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 233.00 mb


[EMPTYFLASH]

User: All Users

User: Carl and Sarah
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Carl and Sarah
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08292012_162319

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I have also updated Windows Update, and installed the programs you suggested.

And with that, you have my heartfelt gratitude Broni. Your posts have been extremely helpful, detailed and easy to follow. Should I encounter similar issues again I will definitely revisit these forums. As far as I can tell the laptop is running perfectly again.

Thank you so much!

 

[Broni]

Yes!!

Good luck and stay safe