Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Web Pages will not load


Post by matwilliams19 » May 29th, 2011, 1:07 am

Web pages will not load, or if they do, they will not be complete. Google.com.au only shows Google and a big "pause" symbol. IE will not load web pages at all. Windows Sidebar will not load properly.

Had some problems with Ad-Aware. Would not run and would not uninstall. Missing files, missing header. I have since manually uninstalled it.

Everything runs fine in Safe Mode.

Ran several scans (SUPERAntiSpyware and Malwarebytes' Anti-Malware) but only found trackers and win32/toolbar.zugo.application - since removed.

Avast scan did not find any results.

Malwarebytes' Anti-Malware scan results are below (I ran it twice):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

27/05/2011 8:23:44 PM
mbam-log-2011-05-27 (20-23-44).txt

Scan type: Full scan (C:\|E:\|G:\|H:\|)
Objects scanned: 291864
Time elapsed: 1 hour(s), 1 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
h:\click\click.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

29/05/2011 2:48:16 PM
mbam-log-2011-05-29 (14-48-16).txt

Scan type: Quick scan
Objects scanned: 154362
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER LOG

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-29 14:53:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: gmer.exe; Driver: C:\Users\Nici\AppData\Local\Temp\kxldqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F978902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS LOG

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nici at 14:55:44 on 2011-05-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2910.1566 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
H:\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://vaio-online.sony.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [CleanSetup] cmd /C rmdir /S /Q "c:\users\nici\appdata\local\temp\nro.tmp\"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-8 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-29 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-29 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-17 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-29 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-29 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-29 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-5-30 303104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2009-4-18 109088]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-9 2296696]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-5-30 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-4-18 415592]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-21 21504]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-5-30 17920]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-18 112128]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-4-18 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca599ca7c24f20;Google Update Service (gupdate1ca599ca7c24f20);c:\program files\google\update\GoogleUpdate.exe [2009-10-31 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-18 29736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-31 133104]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2009-5-30 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2009-5-30 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2009-5-30 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2009-5-30 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2009-5-30 91432]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-5-30 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-5-30 83240]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2011-1-17 664944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-29 02:38:40 -------- d-----w- c:\windows\pss
2011-05-29 02:08:59 -------- d-----w- c:\program files\ESET
2011-05-29 01:47:26 -------- d-----w- c:\users\nici\appdata\roaming\EurekaLog
2011-05-29 01:16:15 -------- d-----w- c:\users\nici\appdata\roaming\URSoft
2011-05-28 21:27:25 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-28 21:27:24 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-28 21:27:12 40112 ----a-w- c:\windows\avastSS.scr
2011-05-28 21:27:03 -------- d-----w- c:\programdata\AVAST Software
2011-05-28 21:27:03 -------- d-----w- c:\program files\AVAST Software
2011-05-27 09:10:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 09:10:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 08:20:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-27 08:20:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-27 08:20:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-27 08:19:59 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-27 08:16:48 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{199d69bb-6a06-4ebe-a0ef-e600aec9d117}\mpengine.dll
2011-05-26 09:39:32 -------- d-----w- c:\users\nici\appdata\roaming\Malwarebytes
2011-05-26 09:39:04 -------- d-----w- c:\programdata\Malwarebytes
2011-05-26 09:39:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-26 09:19:03 -------- d-----w- c:\users\nici\appdata\roaming\SUPERAntiSpyware.com
2011-05-26 09:19:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-26 09:18:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-30 03:22:33 -------- d-----w- c:\users\nici\appdata\local\Deployment
2011-04-30 03:22:33 -------- d-----w- c:\users\nici\appdata\local\Apps
.
==================== Find3M ====================
.
2011-05-24 09:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-20 21:14:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-20 21:14:03 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-20 21:14:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-20 21:14:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-20 21:14:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-20 21:14:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-20 21:14:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-20 21:14:00 367104 ----a-w- c:\windows\system32\html.iec
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 14:57:45.19 ===============


ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/10/2009 2:47:48 PM
System Uptime: 29/05/2011 11:35:32 AM (3 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | N/A | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 80.099 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader 9.4.4
Advertising Center
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
µTorrent
avast! Free Antivirus
Bonjour
Click to Disc
Click to Disc Editor
Conduit Engine
DolbyFiles
DVD Shrink 3.2
ESET Online Scanner v3
Google Chrome
Google Update Helper
Gracenote Plug-in
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iDump (Freeware) Build:29
ImagXpress
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Codec Pack 5.4.4 (Standard)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Momento 5.5.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Nero BackItUp 4
Nero ControlCenter
Nero Installer
Nero MediaHome 4
neroxml
Nikon File Uploader 2
Nikon Message Center 2
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.3.00
OpenOffice.org 3.2
Paint.NET v3.36
PeerBlock 1.1 (r518)
PHOTOfunSTUDIO 5.2 HD Edition
Picture Control Utility
Primo
QuickTime
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Setting Utility Series
Skype™ 5.0
SmartSound Quicktracks for Premiere Elements
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Splashtop
SUPERAntiSpyware
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
uTorrentBar Toolbar
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components
VAIO Edit Components 6.6
VAIO Entertainment Platform
VAIO Event Service
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update 4
VAIO Update 5
VAIO Wallpaper Contents
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIDCOMM Bluetooth Software
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
WinDVD for VAIO
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
29/05/2011 7:25:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/05/2011 7:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/05/2011 7:24:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL SAVOnAccess Smb spldr tdx Wanarpv6
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 7:24:36 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/05/2011 11:39:11 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
29/05/2011 11:36:55 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
29/05/2011 11:36:55 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/05/2011 11:36:55 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
29/05/2011 11:36:13 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
29/05/2011 11:35:51 AM, Error: volmgr [46] - Crash dump initialization failed!
29/05/2011 11:27:26 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
29/05/2011 11:12:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
29/05/2011 11:08:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi DMICall SASDIFSV SASKUTIL SAVOnAccess spldr Wanarpv6
29/05/2011 11:08:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 11:07:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/05/2011 11:07:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/05/2011 11:07:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
29/05/2011 11:07:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/05/2011 11:06:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/05/2011 11:00:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
29/05/2011 11:00:17 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/05/2011 11:46:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:41 AM on 28/05/2011 was unexpected.
27/05/2011 6:39:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss SAVOnAccess Smb spldr tdx Wanarpv6
27/05/2011 6:12:15 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.105.124.0 Loading engine version: 1.1.6802.0
27/05/2011 6:10:40 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
26/05/2011 7:22:42 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
26/05/2011 7:16:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.105.365.0).
26/05/2011 7:13:45 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.105.124.0 Loading engine version: 1.1.6802.0
26/05/2011 6:39:23 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
26/05/2011 6:38:32 PM, Error: EventLog [6008] - The previous system shutdown at 7:51:04 PM on 25/05/2011 was unexpected.
25/05/2011 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
25/05/2011 6:23:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/05/2011 6:23:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/05/2011 11:33:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm

Re: Web Pages will not load

Unread postby Wingman » June 1st, 2011, 11:20 am

Checking your logs, will return soon with instructions.
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Unread postby Wingman » June 1st, 2011, 1:19 pm

Hello matwilliams19 ... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

WARNING!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.

If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    µTorrent
    uTorrentBar Toolbar
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Create a System Restore Point - Vista

  1. Go to Start > Control Panel > System Maintenance... then click the System icon.
    (If you use Classic View, the System icon will be directly in the Control Panel).
  2. In the left pane click on System Protection. When prompted for confirmation... press OK to continue.
  3. When the Dialog comes up, click on the System protection tab.
  4. See that the drive letter where Windows is located (usually C:) has the box CHECKED.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 3.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL and Extras txt file contents.
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Unread postby matwilliams19 » June 1st, 2011, 10:04 pm

Thanks Wingman.
Only problem I had with instructions was I couldn't download OTL on the infected computer as web pages will not load so I copied over on a thumb drive.

The computer is having the same problems. Can't load web pages and Windows sidebar will not load properly.

OTL File:

OTL logfile created on: 2/06/2011 11:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nici\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.84 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.81% Memory free
5.89 Gb Paging File | 4.69 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.54 Gb Total Space | 82.12 Gb Free Space | 37.24% Space Free | Partition Type: NTFS
Drive H: | 955.73 Mb Total Space | 871.47 Mb Free Space | 91.18% Space Free | Partition Type: FAT

Computer Name: NICI-PC | User Name: Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nici\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Nici\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1305806281-797970954-517909416-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKU\S-1-5-21-1305806281-797970954-517909416-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1305806281-797970954-517909416-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
IE - HKU\S-1-5-21-1305806281-797970954-517909416-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1305806281-797970954-517909416-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/10/31 06:26:09 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKU\S-1-5-21-1305806281-797970954-517909416-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1305806281-797970954-517909416-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1305806281-797970954-517909416-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c185aa16-44b8-11e0-b705-002433d3a860}\Shell - "" = AutoRun
O33 - MountPoints2\{c185aa16-44b8-11e0-b705-002433d3a860}\Shell\AutoRun\command - "" = G:\ICM_ML.exe
O33 - MountPoints2\{ce018e5f-caef-11de-8759-001dbaf59978}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 11:42:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Nici\Desktop\OTL.exe
[2011/05/31 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/29 15:33:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/29 15:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/05/29 12:38:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/29 11:47:26 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\EurekaLog
[2011/05/29 11:16:15 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\URSoft
[2011/05/29 11:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/29 07:27:26 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/29 07:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/29 07:27:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/29 07:27:25 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/29 07:27:25 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/29 07:27:25 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/29 07:27:24 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/29 07:27:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/29 07:27:12 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/29 07:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/29 07:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/27 19:10:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/27 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/27 19:10:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 19:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/27 18:20:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/27 18:20:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/27 18:19:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/26 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Malwarebytes
[2011/05/26 19:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/26 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 19:19:03 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/26 19:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/26 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[1 C:\Users\Nici\Desktop\*.tmp files -> C:\Users\Nici\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 11:45:10 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/02 11:45:10 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/02 11:40:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Nici\Desktop\OTL.exe
[2011/06/02 11:32:49 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/06/02 11:32:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 11:32:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 11:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 11:32:32 | 3052,425,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 19:25:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/01 19:24:30 | 000,100,864 | ---- | M] () -- C:\Users\Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 14:29:47 | 000,002,037 | ---- | M] () -- C:\Users\Nici\Desktop\Google Chrome.lnk
[2011/05/31 14:29:47 | 000,001,999 | ---- | M] () -- C:\Users\Nici\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 14:29:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1305806281-797970954-517909416-1003Core.job
[2011/05/31 14:27:00 | 000,022,627 | ---- | M] () -- C:\Users\Nici\Desktop\bookmarks_5_31_11.html
[2011/05/29 11:57:33 | 000,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2011/05/29 10:59:05 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/29 07:27:26 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/29 07:27:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/27 19:10:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 19:08:59 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/10 22:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 22:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 21:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Users\Nici\Desktop\*.tmp files -> C:\Users\Nici\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 19:10:37 | 3052,425,216 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 14:29:47 | 000,002,037 | ---- | C] () -- C:\Users\Nici\Desktop\Google Chrome.lnk
[2011/05/31 14:29:47 | 000,001,999 | ---- | C] () -- C:\Users\Nici\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 14:29:05 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1305806281-797970954-517909416-1003Core.job
[2011/05/31 14:26:59 | 000,022,627 | ---- | C] () -- C:\Users\Nici\Desktop\bookmarks_5_31_11.html
[2011/05/29 07:27:26 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/28 11:46:54 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/27 19:10:47 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 19:08:59 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/06 14:48:06 | 000,000,680 | ---- | C] () -- C:\Users\Nici\AppData\Local\d3d9caps.dat
[2010/12/06 20:00:24 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/06 20:00:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/06 20:00:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/06 20:00:24 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/06 20:00:24 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/06 20:00:24 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/06 20:00:24 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/06 20:00:24 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/06 20:00:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/06 20:00:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/12/06 20:00:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/06 20:00:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/06 20:00:24 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/06 20:00:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/06 20:00:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/06 20:00:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/12/06 20:00:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/12/06 20:00:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/06 20:00:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/06 19:51:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\Helper Scripts
[2010/12/06 19:51:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\Galactic Static
[2010/11/23 17:13:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/11/23 17:13:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/11/23 17:13:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/23 17:13:41 | 000,000,000 | ---- | C] () -- C:\Users\Nici\AppData\Roaming\Hip Hop
[2010/01/17 10:14:42 | 000,000,000 | ---- | C] () -- C:\Users\Nici\AppData\Roaming\downloads.m3u
[2010/01/03 19:44:51 | 000,004,096 | -H-- | C] () -- C:\Users\Nici\AppData\Local\keyfile3.drm
[2009/12/20 20:25:21 | 000,000,146 | ---- | C] () -- C:\Users\Nici\AppData\Roaming\default.rss
[2009/12/19 22:42:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/13 13:48:57 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/11 22:23:38 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/11/21 08:24:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/02 21:18:44 | 000,100,864 | ---- | C] () -- C:\Users\Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 17:45:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/29 16:00:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/29 16:00:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/28 21:34:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 19:30:43 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/05/30 19:14:46 | 000,003,871 | ---- | C] () -- C:\Windows\System32\McOEMAppRules.dat
[2009/04/18 05:13:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/18 05:11:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/18 04:06:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/18 04:06:26 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/04/18 04:06:25 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/04/18 04:06:25 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/04/18 04:06:25 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/04/18 04:06:24 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/18 04:06:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/18 04:06:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/04/18 04:06:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/04/18 04:06:24 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/04/18 03:59:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,427,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >



Extras File:


OTL Extras logfile created on: 2/06/2011 11:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nici\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.84 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.81% Memory free
5.89 Gb Paging File | 4.69 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.54 Gb Total Space | 82.12 Gb Free Space | 37.24% Space Free | Partition Type: NTFS
Drive H: | 955.73 Mb Total Space | 871.47 Mb Free Space | 91.18% Space Free | Partition Type: FAT

Computer Name: NICI-PC | User Name: Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1305806281-797970954-517909416-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C09B5-0A70-4504-AE63-5BE494796251}" = lport=137 | protocol=17 | dir=in | app=system |
"{01404497-333F-4E10-8112-57775663729D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1524FA57-ACF8-4F7E-9D42-8DA50D5530B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2333DF95-839E-494C-9010-D9DB482B2B39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24EF3EED-F98C-43B9-8B58-305297757A8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C894A50-7B82-49D0-A343-92E003413B90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3138E244-D3B6-4EE6-962A-9150DB574A76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3246B2C9-E4A5-46AF-8A58-2F6EF4FF5781}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36931243-D5A2-4369-9EB5-D01A5B8A0718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{442EEB25-8B3A-4D9C-8CDA-677E5CC605CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52A10740-0C62-4CE9-8579-FE9834D3D30B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{53480F29-E23B-4C09-BDAC-F70FA8AC04AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{590398C6-6125-4309-8FA1-D5CA1B8F7BD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70035A0D-5963-495F-A194-92EDFAE35CEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{721AAFA0-CFD1-4B32-97E3-0B97857953DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{767362E4-2C0D-4E9B-A913-28D0390BF75A}" = rport=137 | protocol=17 | dir=out | app=system |
"{82B4FA12-47CB-45C4-9A79-74F48624B00D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{83F68A65-C32C-464C-9728-8EE905FDBEFC}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E84E37F-9E84-4D40-A895-D9D76AC9C8B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{920AB551-735E-439E-8154-5574CE9717A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{929801EB-4C5C-4F5A-84CE-0A7BD0A0C115}" = lport=2869 | protocol=6 | dir=in | app=system |
"{940C2014-082E-4484-B033-B01E934D5B75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94934529-39EA-4226-B3DB-576053CE8393}" = lport=138 | protocol=17 | dir=in | app=system |
"{A545BC40-4903-4075-AF7C-C5DCC2129CC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AAA84146-9560-492B-AF7B-F97968E901EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{ADE1DE00-DC67-4CEE-A533-A3DB2AF8A494}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF81F405-7B07-4108-B7DE-B4BCF39D6D87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BEA67C89-217B-4570-AC4C-4692B1D5EA85}" = rport=445 | protocol=6 | dir=out | app=system |
"{C56D153D-F8CA-4EEF-9B15-BDFB32F5D898}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6E9D3AF-2B9C-4BEA-8257-258CEE35346D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F57429C5-5FE5-4D80-AAE4-92F8281A9411}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDEA3AE7-2322-489E-96FF-83BC84041727}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AADD378-24FE-4FEC-A675-021CD84CEA6B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0C702420-7CE0-4394-9BB7-2004D7C7C369}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{146D0C0E-C63E-4379-9440-31824876B3A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1BF8EA72-8381-40B2-B75C-E29EB38437C1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{298A5FB8-D9FB-425B-942B-55A625EC25DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{375BB21B-1719-49EA-87F7-5B62942B1243}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E6E3BEA-EB45-4661-B354-8AA9FDA2A2FE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{48E05E19-A34F-4EC3-AFCC-9DD24FB8AAC2}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4CDABF10-83A2-48E4-B29A-FD23AA0B532A}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{58646060-C6AD-4C20-89D9-4D8F3E7B9EA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C38F5F2-C389-4F0C-AA37-4CF2C1BAF536}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F957909-E4AD-4E2E-84D8-045D88081F14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6F693E3D-0017-4CC4-B4C1-444478579F38}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{76486F00-14D9-48D9-A1CB-DB6954F27194}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7DDFE697-1502-4C19-9BD1-0CEE3135A187}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7E0BE741-DAC8-4511-8C41-B5AFA80467CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{85159904-4803-4783-8B28-5B48F5C5791E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85608E01-1636-4F5F-9379-9276C26AD9EA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8B7F683D-EF87-4A6D-A1B4-82A1636C5D4D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8C9D250C-C37D-4E9B-B5FC-6CA96B224699}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{95BC9DFF-E338-4BBC-94A3-B163F10EBEB9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9F569B64-2401-4236-91DB-92439623B6F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A1840904-B144-4666-82CD-4E4223A68F2F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A94AA210-05D1-4B96-82DF-089DF9440741}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B82F055A-FEA2-4A5C-99A8-FB4FF777FE44}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BCD06921-22E1-455E-BA11-DC2BDFB4944D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD734C8B-657C-4DE6-8A9B-78FBE2613020}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D06BB478-B6C7-4AF9-BBD9-F8A2CE616986}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D2FB5515-EFBC-437B-A5A4-796A35081A11}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F47BD97B-40BE-424D-8BD8-5A00174D9919}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{F61B1C3E-BC28-496F-959D-AD49A7E7CF86}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AE09EFD-8680-4B14-9643-00AB33BEC6ED}" = PHOTOfunSTUDIO 5.2 HD Edition
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52B3D4A3-6AF9-4A9E-9E90-6228408764D6}" = VAIO Edit Components
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = Splashtop
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.6
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"avast" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Momento" = Momento 5.5.2
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"splashtop" = Splashtop
"TeamViewer 6" = TeamViewer 6
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1305806281-797970954-517909416-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/05/2011 12:22:44 AM | Computer Name = Nici-PC | Source = EventSystem | ID = 4609
Description =

Error - 31/05/2011 12:23:49 AM | Computer Name = Nici-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/05/2011 12:31:19 AM | Computer Name = Nici-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 31/05/2011 12:32:28 AM | Computer Name = Nici-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/06/2011 5:07:58 AM | Computer Name = Nici-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/06/2011 5:09:12 AM | Computer Name = Nici-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/06/2011 5:11:11 AM | Computer Name = Nici-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 1/06/2011 5:11:23 AM | Computer Name = Nici-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/06/2011 9:33:08 PM | Computer Name = Nici-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 1/06/2011 9:33:50 PM | Computer Name = Nici-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/06/2011 5:11:25 AM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/06/2011 5:11:25 AM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/06/2011 5:11:25 AM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/06/2011 5:13:00 AM | Computer Name = Nici-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 1/06/2011 9:32:24 PM | Computer Name = Nici-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/06/2011 9:32:31 PM | Computer Name = Nici-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/06/2011 9:33:50 PM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/06/2011 9:33:50 PM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/06/2011 9:33:50 PM | Computer Name = Nici-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/06/2011 9:34:49 PM | Computer Name = Nici-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm

Re: Web Pages will not load

Post by Wingman » June 5th, 2011, 3:15 pm

Hello matwilliams19,

I apologize for the delay getting to your log... I am researching the logs now and will return shortly with additional instructions.

Wingman
Wingman
Admin/Teacher
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Post by Wingman » June 5th, 2011, 4:19 pm

Hello matwilliams19

Again, I apologize for the delay getting back to you.

Step 1.
Create a System Restore Point - Vista

  1. Go to Start > Control Panel > System Maintenance... then click the System icon.
    (If you use Classic View, the System icon will be directly in the Control Panel).
  2. In the left pane click on System Protection. When prompted for confirmation... press OK to continue.
  3. When the Dialog comes up, click on the System protection tab.
  4. See that the drive letter where Windows is located (usually C:) has the box CHECKED.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTL - System Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe, select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... do not include the quote box title "Quote"
    :OTL
    SRV - (Lavasoft Ad-Aware Service) -- File not found
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKU\S-1-5-21-1305806281-797970954-517909416-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - File not found

    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of the report in your next reply.

Step 3.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 4.
Reset IP-Flush DNS-Renew IP
We'll release your IP address settings, flush the DNS resolver cache, then renew your IP address settings.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0
  2. Save the Notepad file on your desktop...as DNSreset.bat... save type as "All Files"
    DNSreset.bat <<------------- you should see this on your desktop.
  3. Double click on DNSreset.bat to run it.
    Vista-W7 users: Right click on DNSreset.bat, select "Run As Administrator" to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
  4. The IP address settings should be released and renewed and the DNS cache flushed.


Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL scan results.
  3. MBAM scan results.
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Unread postby matwilliams19 » June 8th, 2011, 8:27 pm

Hi Wingman,

No problem executing instructions.

I rebooted after completing all steps and the computer is acting the same. No web pages will load and windows sidebar does not load properly.

Regards

Mathew

OTL scan results:


All processes killed
========== OTL ==========
Service Lavasoft Ad-Aware Service stopped successfully!
Service Lavasoft Ad-Aware Service deleted successfully!
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-1305806281-797970954-517909416-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nici
->Temp folder emptied: 10158139 bytes
->Temporary Internet Files folder emptied: 7178581 bytes
->Java cache emptied: 11718378 bytes
->Google Chrome cache emptied: 6531331 bytes
->Flash cache emptied: 1455 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253396 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Nici
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06082011_204549

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MBAM Log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6808

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/06/2011 11:17:49 PM
mbam-log-2011-06-08 (23-17-49).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 294514
Time elapsed: 2 hour(s), 1 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm

Re: Web Pages will not load

Unread postby Wingman » June 8th, 2011, 10:31 pm

Hello matwilliams19

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.


Step 1.
Create a System Restore Point - Vista

  1. Go to Start > Control Panel > System Maintenance... then click the System icon.
    (If you use Classic View, the System icon will be directly in the Control Panel).
  2. In the left pane click on System Protection. When prompted for confirmation... press OK to continue.
  3. When the Dialog comes up, click on the System protection tab.
  4. See that the drive letter where Windows is located (usually C:) has the box CHECKED.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  4. Press Yes at the Recovery Console installation results prompt...
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  5. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix scan results.
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Unread postby matwilliams19 » June 8th, 2011, 11:56 pm

Hi Wingman,

No problem executing the instructions.

Computer behavior is unchanged.

Log file below:


ComboFix 11-06-08.03 - Nici 09/06/2011 13:16:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2910.1701 [GMT 10:00]
Running from: c:\users\Nici\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nici\AppData\Roaming\EurekaLog
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 03:30 . 2011-06-09 03:34 -------- d-----w- c:\users\Nici\AppData\Local\temp
2011-06-09 03:30 . 2011-06-09 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 03:14 . 2011-06-09 03:14 -------- d-----w- C:\32788R22FWJFW
2011-06-08 11:16 . 2011-05-24 09:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{729779A1-99C7-4016-9882-4C9457F56E30}\mpengine.dll
2011-06-08 10:45 . 2011-06-08 10:45 -------- d-----w- C:\_OTL
2011-05-29 05:32 . 2011-05-29 05:32 -------- d-----w- c:\programdata\Nero
2011-05-29 01:16 . 2011-05-29 01:16 -------- d-----w- c:\users\Nici\AppData\Roaming\URSoft
2011-05-28 21:27 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-28 21:27 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-28 21:27 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-28 21:27 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-28 21:27 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-28 21:27 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-28 21:27 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-28 21:27 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-28 21:27 . 2011-05-28 21:27 -------- d-----w- c:\programdata\AVAST Software
2011-05-28 21:27 . 2011-05-28 21:27 -------- d-----w- c:\program files\AVAST Software
2011-05-27 09:10 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 09:10 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 08:20 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-27 08:20 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-27 08:20 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-27 08:19 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-26 09:39 . 2011-05-26 09:39 -------- d-----w- c:\users\Nici\AppData\Roaming\Malwarebytes
2011-05-26 09:39 . 2011-05-26 09:39 -------- d-----w- c:\programdata\Malwarebytes
2011-05-26 09:39 . 2011-06-08 11:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-26 09:19 . 2011-05-26 09:19 -------- d-----w- c:\users\Nici\AppData\Roaming\SUPERAntiSpyware.com
2011-05-26 09:19 . 2011-05-26 09:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-26 09:18 . 2011-05-28 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 09:14 . 2009-10-29 03:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-20 21:14 . 2011-04-20 21:14 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-20 21:14 . 2011-04-20 21:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-20 21:14 . 2011-04-20 21:14 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-20 21:14 . 2011-04-20 21:14 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-20 21:14 . 2011-04-20 21:14 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-20 21:14 . 2011-04-20 21:14 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-20 21:14 . 2011-04-20 21:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-20 21:14 . 2011-04-20 21:14 367104 ----a-w- c:\windows\system32\html.iec
2011-04-20 21:13 . 2011-04-20 21:13 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-20 21:13 . 2011-04-20 21:13 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-20 21:13 . 2011-04-20 21:13 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-20 21:13 . 2011-04-20 21:13 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-20 21:13 . 2011-04-20 21:13 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-20 21:13 . 2011-04-20 21:13 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-20 21:13 . 2011-04-20 21:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-20 21:13 . 2011-04-20 21:13 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-20 21:13 . 2011-04-20 21:13 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-20 21:13 . 2011-04-20 21:13 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-20 21:13 . 2011-04-20 21:13 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-20 21:13 . 2011-04-20 21:13 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-20 21:13 . 2011-04-20 21:13 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-13 150552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 155648]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-28 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.2 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.2 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.2 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 04:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-17 83240]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-20 664944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-28 366640]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-12-22 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2009-01-06 109088]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-10 29736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-04-13 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-28 22712]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1305806281-797970954-517909416-1003Core.job
- c:\users\Nici\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-31 07:42]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1305806281-797970954-517909416-1003Core1cc263be0fcfc39.job
- c:\users\Nici\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-31 07:42]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1305806281-797970954-517909416-1003UA.job
- c:\users\Nici\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-31 07:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Nikon Message Center 2 - c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
AddRemove-{537BF16E-7412-448C-95D8-846E85A1D817} - c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 13:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2804)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-09 13:47:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 03:47
.
Pre-Run: 88,099,450,880 bytes free
Post-Run: 87,567,384,576 bytes free
.
- - End Of File - - 9C939BB234E04F28D02EA10FA0C1E060
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm

Re: Web Pages will not load

Unread postby Wingman » June 9th, 2011, 9:57 am

Hello matwilliams19,

Thanks for sticking with me. These things can be frustrating but I don't believe your problem is being caused by malware.
The fact that "everything runs fine" in Safe Mode indicates some program or programs running under "normal" mode are interfering.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Step 1.
Create a System Restore Point - Vista

  1. Go to Start > Control Panel > System Maintenance... then click the System icon.
    (If you use Classic View, the System icon will be directly in the Control Panel).
  2. In the left pane click on System Protection. When prompted for confirmation... press OK to continue.
  3. When the Dialog comes up, click on the System protection tab.
  4. See that the drive letter where Windows is located (usually C:) has the box CHECKED.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste one of the values below into the open text entry box:
    control appwiz.cpl
    or
    shell:ChangeRemoveProgramsFolder
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Conduit Engine
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.

Step 3.
Reset Router
Check your owners manual.
These are general instructions for resetting your router, specific routers may have specific user instructions.
  1. On the back of your router there is a little black reset button. Use a pen or paper clip and press down for 10 seconds.
    Make sure the lights on the router stop blinking for one second.
  2. Release the button and make sure to reset your wireless security and network ID.
  3. If that doesn't work... unplug your router's power cord.
    This is the easiest way to reset your Internet connection without resetting your router to factory settings.
  4. If neither of these suggestions work, unplug the power cord of your modem. This completely resets the Internet connection without resetting the router's settings.
  5. Retry your browser... has this resolved the problem?
If your problem with web pages loading is resolved, you do not have to execute Step 4.

Step 4.
Microsoft Fix it
Please go to Microsoft Support: http://support.microsoft.com/kb/923737
  1. Scroll down to and Press the Image icon
  2. Follow any prompts or instructions. Did this resolve the issue?
  3. Please post back and let me know whether the issue has been resolved.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
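
Added example (not part of the original posts, and not a ComboFix feature): a short Python parser that pulls Internet Explorer add-on load points (Browser Helper Objects and Toolbar entries) out of the "Reg Loading Points" section of the ComboFix log posted above, which is where ConduitEngine.dll appears. The sample is an excerpt of that log; the line patterns are assumptions inferred from that excerpt, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted in
# this thread, trimmed to a few sections so the example runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"""

# Line shapes assumed from the excerpt above (not an official format spec).
SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.+)$"
)
VALUE_LINE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')

# Registry key fragments that mark an Internet Explorer add-on load point.
ADDON_KINDS = {
    "browser helper objects": "BHO",
    "internet explorer\\toolbar": "Toolbar",
}


def addon_kind(key):
    """Return 'BHO' or 'Toolbar' if the registry key is an IE add-on point."""
    low = key.lower()
    for marker, kind in ADDON_KINDS.items():
        if marker in low:
            return kind
    return None


def ie_addons(log_text):
    """Map each add-on CLSID (upper-cased) to its load-point kinds and DLL paths.

    CLSIDs and paths are case-normalised because the same GUID shows up in
    both upper and lower case in logs from this thread.
    """
    found = defaultdict(lambda: {"kinds": set(), "paths": set()})
    kind = None       # add-on kind of the section being read, if any
    key_guid = None   # CLSID embedded in the current section's key path
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            kind = addon_kind(key)
            guid = GUID_RE.search(key)
            key_guid = guid.group(0).upper() if guid else None
            if kind and key_guid:
                found[key_guid]["kinds"].add(kind)
            continue
        if kind is None:
            continue  # not inside a BHO/Toolbar section
        value = VALUE_LINE_RE.match(line)
        if value and GUID_RE.fullmatch(value.group("name")):
            entry = found[value.group("name").upper()]
            entry["kinds"].add(kind)
            entry["paths"].add(value.group("path").lower())
            continue
        listing = FILE_LINE_RE.match(line)
        if listing and key_guid:
            found[key_guid]["paths"].add(listing.group("path").lower())
    return dict(found)


def summarize(log_text):
    """Return sorted (clsid, kinds, paths) tuples for printing or review."""
    return [
        (clsid, sorted(info["kinds"]), sorted(info["paths"]))
        for clsid, info in sorted(ie_addons(log_text).items())
    ]


if __name__ == "__main__":
    for clsid, kinds, paths in summarize(SAMPLE_LOG):
        print(clsid, "/".join(kinds), ", ".join(paths))
```

The avast shell overlay and the Run entries in the excerpt are skipped on purpose: they load with Explorer or at logon, not as browser add-ons.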

Re: Web Pages will not load

Unread postby matwilliams19 » June 9th, 2011, 7:53 pm

Hi Wingman,

No problem uninstalling Conduit Engine or resetting the router. After doing this the computer is still behaving the same way.

Whilst completing all of your instructions I noticed that every now and then Google will load properly in Chrome but will not load any other site. Then it reverts back to the Google image and a big pause sign. IE only ever brings up a black page.

I could not navigate to Microsoft Fix it as the web page will not load. I tried in Safe Mode and the page loaded OK, however Fix it will not run in Safe Mode.

Regards
Mathew
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm

Re: Web Pages will not load

Unread postby Wingman » June 10th, 2011, 9:35 am

Hello Matthew,

OK... we'll try resetting IE manually...

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - Vista

  1. Go to Start > Control Panel > System Maintenance... then click the System icon.
    (If you use Classic View, the System icon will be directly in the Control Panel).
  2. In the left pane click on System Protection. When prompted for confirmation... press OK to continue.
  3. When the Dialog comes up, click on the System protection tab.
  4. See that the drive letter where Windows is located (usually C:) has the box CHECKED.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Reset Internet Explorer Settings
Warning:
When you reset Internet Explorer settings, all add-ons and customizations are deleted, and you basically start with a fresh version of Internet Explorer.

  1. Exit all programs, including Internet Explorer (if it is running).
  2. Click Start.
  3. Type the following command in the Open box, and then press ENTER:
    inetcpl.cpl
    The Internet Options dialog box appears.
  4. Click the Advanced tab.
  5. Under "Reset Internet Explorer settings", click Reset. Then click Reset again.
    When Internet Explorer finishes resetting the settings,
  6. Click Close in the "Reset Internet Explorer Settings" dialog box. Start Internet Explorer again.


Step 3.
Reset IP-Flush DNS-Renew IP
We'll release your IP address settings, flush the DNS resolver cache, then renew your IP address settings.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0
  2. Save the Notepad file on your desktop...as DNSreset.bat... save type as "All Files"
  3. Double click on DNSreset.bat to run it.
    Vista-W7 users: Right click on DNSreset.bat, select "Run As Administrator" to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
  4. The IP address settings should be released and renewed and the DNS cache flushed.

Step 4.
MBRCheck - Scan

Please download MBRCheck.exe ... © a_d_13 to your Desktop.
Alternate links: Link 2 or Link 3
  1. Double-click on MBRCheck.exe to run it.
    Vista - W7 users: Right click MBRCheck.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. A small black window will open, with some information... ...please do not fix anything (if it gives you an option).
  3. If an unknown boot code is detected, additional options will be presented, at this time press N then press Enter twice.
  4. When complete, you should see Done! Press ENTER to exit...... press Enter
    When the scan is done, a file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your desktop.
  5. Please post the contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBRCheck scan results.
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Post by matwilliams19 » June 11th, 2011, 6:30 pm

Hi Wingman,
No problems executing the instructions.
After completing the instructions google chrome and IE seemed to be working ok. Windows sidebar didn't look right. I then rebooted the computer and now chrome and IE are not working again. Same screens not loading properly.

One thing to let you know is I am going on holiday tomorrow for 2 weeks so will not be able to complete any more instructions until 26 June.

Thanks for your help.

Scan results:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NW15G_S
Logical Drives Mask: 0x000000bc

Kernel Drivers (total 167):

Processes (total 89):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`16600000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG001A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm
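
The "MBR Status" line in the log above comes from identifying the boot code in sector 0 of the disk. The sketch below is an added example, not MBRCheck's code and not part of the original posts: it parses a 512-byte MBR image, hashes the boot-code area and compares it with an allowlist. It assumes the standard MBR layout (440 bytes of boot code, partition table at offset 446); which bytes MBRCheck itself hashes is not stated in the thread, and the sector images and allowlist entry are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # standard MBR layout: bootstrap code area
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"       # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector 0 image into boot-code hash and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:       # unused slot
            continue
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """Return the label of a known boot code, or flag it as unknown."""
    info = parse_mbr(sector)
    label = known_good.get(info["boot_code_sha1"])
    return label if label else "UNKNOWN boot code " + info["boot_code_sha1"]


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test image: boot code plus one active NTFS (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * 48
    return code + disk_sig + table + BOOT_SIG


# Constructed data, not real Windows boot code.
CLEAN = build_sample_sector(b"\xfa\x33\xc0" + b"constructed-reference-loader")
KNOWN_GOOD = {parse_mbr(CLEAN)["boot_code_sha1"]: "reference boot code (constructed)"}
# Same partition table and disk signature, one byte of the boot code changed.
PATCHED = bytes([CLEAN[0] ^ 0xFF]) + CLEAN[1:]

if __name__ == "__main__":
    print(classify(CLEAN, KNOWN_GOOD))
    print(classify(PATCHED, KNOWN_GOOD))
    print(parse_mbr(PATCHED)["partitions"])
```

Because only the boot-code area is hashed, the same allowlist entry matches on disks with different partition layouts, while a single changed byte in the boot code produces an unknown hash even though the partition table still parses normally.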

Re: Web Pages will not load

Post by Wingman » June 11th, 2011, 6:57 pm

Hello matwilliams19,

The MBRCheck scan indicates a Windows 2008 MBR record. Is this Windows Server 2008?

Is this machine connected to a business network?
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Web Pages will not load

Post by matwilliams19 » June 11th, 2011, 7:39 pm

Hi there,
No it's just a home laptop, not used for business at all and not connected to a server.
Regards
Mathew
matwilliams19
Active Member
 
Posts: 8
Joined: May 28th, 2011, 11:01 pm