also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

[Inactive] [A] Vista Anitvirus cleared but left with no internet

Discussion in 'Virus and Malware Removal' started by ecko840, Dec 27, 2011.

Thread Status:
Not open for further replies.

  1. ecko840 Newcomer, in training

    I know this is a common problem lately but I have not found any posts with a solution that will work for me. Vista Antivirus is gone but now I am getting a "local only" on my networks. Looks like I'm not getting an IP and a static IP is not working either.

    These are my results after running FSS:

    Farbar Service Scanner
    Ran by Dayi (administrator) on 27-12-2011 at 01:31:32
    Microsoft® Windows Vista™ Business Service Pack 2 (X86)
    Boot Mode: Nerwork
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is blocked.
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    ecko840, Dec 27, 2011
    #1

  2. Broni Malware Annihilator

    Welcome aboard [IMG]

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Apply Fixit from: http://support.microsoft.com/kb/811259/en-us

    Restart computer.

    Post new FSS log.
    Broni, Dec 27, 2011
    #2

  3. ecko840 Newcomer, in training

    Thanks for the reply Broni!

    I did exactly as you said and am still having the same as you said and still no luck. When I do the netsh int ip reset reset.log is get this:

    Reseting Echo Request Failed.
    Access is denied.

    Reseting Interface, OK!
    A reboot is required to complete this action

    -----

    Is this normal? Below is my new FSS log. Thanks for your help!

    -----


    Farbar Service Scanner
    Ran by Dayi (administrator) on 27-12-2011 at 19:41:20
    Microsoft® Windows Vista™ Business Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is blocked.
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    ecko840, Dec 27, 2011
    #3

  4. Broni Malware Annihilator

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Broni, Dec 27, 2011
    #4

  5. ecko840 Newcomer, in training

    I tried running Combofix multiple times yesterday but it never begins to scan. I left it there for over 4 hours yesterday before I closed it. Do you recommend that I try it again and leave it over night?
    ecko840, Dec 27, 2011
    #5

  6. Broni Malware Annihilator

    No.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
    Complete as many steps as you can.
    Broni, Dec 27, 2011
    #6

  7. ecko840 Newcomer, in training

    Thank you again for your help. I followed your instructions and below are the log files.


    Avira Free Antivirus
    Report file date: Tuesday, December 27, 2011 20:21

    Scanning for 3579985 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : Dayi
    Computer name : DAYI-PC

    Version information:
    BUILD.DAT : 12.0.0.872 41826 Bytes 12/15/2011 17:24:00
    AVSCAN.EXE : 12.1.0.18 490448 Bytes 12/15/2011 20:00:13
    AVSCAN.DLL : 12.1.0.17 54224 Bytes 12/15/2011 20:00:31
    LUKE.DLL : 12.1.0.17 68304 Bytes 12/15/2011 20:00:21
    AVSCPLR.DLL : 12.1.0.21 99536 Bytes 12/15/2011 20:00:13
    AVREG.DLL : 12.1.0.27 227536 Bytes 12/15/2011 20:00:13
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:33:08
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 05:33:09
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 05:33:10
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 05:33:11
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 05:33:12
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 05:33:16
    VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 20:00:26
    VBASE008.VDF : 7.11.18.32 2132992 Bytes 11/24/2011 20:00:26
    VBASE009.VDF : 7.11.18.33 2048 Bytes 11/24/2011 20:00:26
    VBASE010.VDF : 7.11.18.34 2048 Bytes 11/24/2011 20:00:26
    VBASE011.VDF : 7.11.18.35 2048 Bytes 11/24/2011 20:00:26
    VBASE012.VDF : 7.11.18.36 2048 Bytes 11/24/2011 20:00:26
    VBASE013.VDF : 7.11.18.89 204800 Bytes 11/28/2011 20:00:26
    VBASE014.VDF : 7.11.18.145 143872 Bytes 12/1/2011 20:00:26
    VBASE015.VDF : 7.11.18.180 173056 Bytes 12/2/2011 20:00:27
    VBASE016.VDF : 7.11.18.208 164864 Bytes 12/5/2011 20:00:27
    VBASE017.VDF : 7.11.18.239 177152 Bytes 12/6/2011 20:00:27
    VBASE018.VDF : 7.11.19.36 171520 Bytes 12/9/2011 20:00:27
    VBASE019.VDF : 7.11.19.77 144896 Bytes 12/13/2011 20:00:27
    VBASE020.VDF : 7.11.19.115 177664 Bytes 12/15/2011 08:11:58
    VBASE021.VDF : 7.11.19.116 2048 Bytes 12/15/2011 08:11:58
    VBASE022.VDF : 7.11.19.117 2048 Bytes 12/15/2011 08:11:58
    VBASE023.VDF : 7.11.19.118 2048 Bytes 12/15/2011 08:11:58
    VBASE024.VDF : 7.11.19.119 2048 Bytes 12/15/2011 08:11:58
    VBASE025.VDF : 7.11.19.120 2048 Bytes 12/15/2011 08:11:58
    VBASE026.VDF : 7.11.19.121 2048 Bytes 12/15/2011 08:11:58
    VBASE027.VDF : 7.11.19.122 2048 Bytes 12/15/2011 08:11:58
    VBASE028.VDF : 7.11.19.123 2048 Bytes 12/15/2011 08:11:58
    VBASE029.VDF : 7.11.19.124 2048 Bytes 12/15/2011 08:11:58
    VBASE030.VDF : 7.11.19.125 2048 Bytes 12/15/2011 08:11:58
    VBASE031.VDF : 7.11.19.131 73728 Bytes 12/15/2011 18:50:12
    Engineversion : 8.2.8.2
    AEVDF.DLL : 8.1.2.2 106868 Bytes 12/15/2011 20:00:10
    AESCRIPT.DLL : 8.1.3.90 491899 Bytes 12/15/2011 20:00:10
    AESCN.DLL : 8.1.7.2 127349 Bytes 12/15/2011 05:32:23
    AESBX.DLL : 8.2.4.5 434549 Bytes 12/15/2011 20:00:09
    AERDL.DLL : 8.1.9.15 639348 Bytes 12/15/2011 05:32:23
    AEPACK.DLL : 8.2.15.1 770423 Bytes 12/15/2011 20:00:09
    AEOFFICE.DLL : 8.1.2.23 201083 Bytes 12/15/2011 20:00:08
    AEHEUR.DLL : 8.1.3.6 3895670 Bytes 12/15/2011 20:00:08
    AEHELP.DLL : 8.1.18.0 254327 Bytes 12/15/2011 20:00:06
    AEGEN.DLL : 8.1.5.17 405877 Bytes 12/15/2011 20:00:06
    AEEMU.DLL : 8.1.3.0 393589 Bytes 12/15/2011 05:32:19
    AECORE.DLL : 8.1.24.0 196983 Bytes 12/15/2011 20:00:05
    AEBB.DLL : 8.1.1.0 53618 Bytes 12/15/2011 05:32:19
    AVWINLL.DLL : 12.1.0.17 27344 Bytes 12/15/2011 20:00:16
    AVPREF.DLL : 12.1.0.17 51920 Bytes 12/15/2011 20:00:12
    AVREP.DLL : 12.1.0.17 179408 Bytes 12/15/2011 20:00:13
    AVARKT.DLL : 12.1.0.19 208848 Bytes 12/15/2011 20:00:10
    AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 12/15/2011 20:00:12
    SQLITE3.DLL : 3.7.0.0 398288 Bytes 12/15/2011 20:00:24
    AVSMTP.DLL : 12.1.0.17 62928 Bytes 12/15/2011 20:00:14
    NETNT.DLL : 12.1.0.17 17104 Bytes 12/15/2011 20:00:21
    RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 12/15/2011 20:00:34
    RCTEXT.DLL : 12.1.1.16 96208 Bytes 12/15/2011 20:00:34

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: Tuesday, December 27, 2011 20:21

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!

    Start scanning boot sectors:

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
    Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'VCSW.exe' - '1' Module(s) have been scanned
    Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'QBCFMonitorService.exe' - '1' Module(s) have been scanned
    Scan process 'PMBDeviceInfoProvider.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'FABS.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ACService.exe' - '1' Module(s) have been scanned
    Scan process 'VAServ.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'Bridge.exe' - '1' Module(s) have been scanned
    Scan process 'PMBVolumeWatcher.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'AppMonUtility.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'VCUServe.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'Dwm.exe' - '1' Module(s) have been scanned
    Scan process 'TabTip.exe' - '1' Module(s) have been scanned
    Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'TabTip.exe' - '1' Module(s) have been scanned
    Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '5813' files ).



    End of the scan: Tuesday, December 27, 2011 20:23
    Used time: 01:08 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    6527 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    6527 Files not concerned
    34 Archives were scanned
    0 Warnings
    0 Notes

    ----

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12/27/2011 8:32:15 PM
    mbam-log-2011-12-27 (20-32-15).txt

    Scan type: Quick scan
    Objects scanned: 168824
    Time elapsed: 5 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-27 20:35:41
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500JS-58NCB1 rev.10.02E02
    Running: krtrr88u.exe; Driver: C:\Users\Dayi\AppData\Local\Temp\kxldapod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Dayi at 20:36:45 on 2011-12-27
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1150 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    BHO: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    TB: {0974848A-B5BC-49F2-9778-307742B4A55D} - No File
    TB: {1C9B96A0-CBA2-482E-9C40-9200B547123A} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
    TB: {00000000-0000-0000-0000-000000000000} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Akamai NetSession Interface] c:\users\dayi\appdata\local\akamai\netsession_win.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-27 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-27 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-27 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-27 74640]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-26 398176]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-2-12 72704]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-2-12 43904]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-2-12 30976]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-2-12 227328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
    S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-12-1 28933976]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2006-12-27 741376]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2006-12-27 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2006-12-27 1089536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
    S4 Vaipdchesv;Vaipdchesv; [x]
    S4 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-7-14 44776]
    .
    =============== Created Last 30 ================
    .
    2011-12-28 01:26:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-28 01:26:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-28 01:20:33 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-28 01:20:33 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-28 01:20:28 -------- d-----w- c:\programdata\Avira
    2011-12-28 01:20:28 -------- d-----w- c:\program files\Avira
    2011-12-28 01:02:51 -------- d-s---w- C:\ComboFix
    2011-12-27 05:47:42 -------- d-----w- c:\program files\HitmanPro
    2011-12-27 05:47:03 -------- d-----w- c:\programdata\HitmanPro
    2011-12-27 04:50:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-27 04:50:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-12-27 04:43:14 -------- d-----w- C:\_OTL
    2011-12-27 03:45:11 313120 ----a-w- c:\windows\system32\drivers\yk60x86.sys
    2011-12-27 00:36:10 -------- d-----w- c:\program files\CCleaner
    2011-12-26 17:00:34 98816 ----a-w- c:\windows\sed.exe
    2011-12-26 17:00:34 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-26 17:00:34 256000 ----a-w- c:\windows\PEV.exe
    2011-12-26 17:00:34 208896 ----a-w- c:\windows\MBR.exe
    2011-12-15 08:03:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 08:03:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 08:03:52 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 08:03:33 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 08:03:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-15 08:03:10 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 08:02:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 13:48:50 352256 ----a-w- c:\users\dayi\appdata\local\fum.exe
    2011-12-12 01:24:17 -------- d-----w- c:\users\dayi\appdata\roaming\Malwarebytes
    2011-12-12 01:24:10 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2011-12-27 01:53:20 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-11-20 15:30:03 75 --sh--r- c:\windows\CT5PRET.BIN
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 20:37:34.47 ===============

    ---
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/22/2007 12:28:18 PM
    System Uptime: 12/27/2011 7:59:16 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | N/A | 1667/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 227 GiB total, 149.808 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: LAN-Express AS IEEE 802.11g PCI-E Adapter
    Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04231468&REV_01\4&4AB1CD6&0&00E2
    Manufacturer: LAN-Express
    Name: LAN-Express AS IEEE 802.11g PCI-E Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04231468&REV_01\4&4AB1CD6&0&00E2
    Service: LEX_AS_NIC_SERVICE_YNOS
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Microsoft WPD FileSystem Volume Driver
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&80D1681&0&002#
    Manufacturer: (WPD file system device)
    Name: Microsoft WPD FileSystem Volume Driver
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&80D1681&0&002#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Microsoft WPD FileSystem Volume Driver
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&80D1681&0&003#
    Manufacturer: (WPD file system device)
    Name: Microsoft WPD FileSystem Volume Driver
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&80D1681&0&003#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP1401: 12/26/2011 11:32:46 PM - OTL Restore Point - 12/26/2011 11:32:46 PM
    RP1402: 12/26/2011 11:54:50 PM - Installed Microsoft Fix it 50267
    RP1403: 12/27/2011 7:36:53 PM - Installed Microsoft Fix it 50203
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 4.0
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles AE CS4
    Adobe Common File Installer
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Digital Editions
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS2
    Adobe Premiere Pro 1.5
    Adobe Reader 8.1.3
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AppMon Utility
    ArcSoft PhotoStudio 5.5
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Photo Book
    Audacity 1.3.13 (Unicode)
    Avira Free Antivirus
    Bonjour
    Canon CanoScan LiDE 600F User Registration
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 600F
    Carbonite Online Backup Setup
    CCleaner
    Click to DVD 2.0.05 Menu Data
    Click to DVD 2.6.00
    Corel Paint Shop Pro Photo XI
    Corel Snapfire
    CrazyTalk v5.0 PRO
    eBook Library by Sony
    Facebook Plug-In
    Firebird SQL Server - MAGIX Edition
    FoxTab PDF Converter
    Free RAR Extract Frog
    Google Books Uploader (Java Edition)
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Product Detection
    Inbox Toolbar
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer Zoom Utility
    iPhoneBrowser
    J2SE Runtime Environment 5.0 Update 7
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 5
    Loquendo TTS: Jorge (Spanish)
    MAGIX Music Maker 16 Premium Download Version
    MAGIX Screenshare
    MAGIX Speed burnR
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MapSource - Americas BlueChart v4.00
    McAfee Security Scan Plus
    Metacafe
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2003 Web Components
    Microsoft Office Professional Edition 2003
    Microsoft SAPI 5.1
    Microsoft Speech SDK 5.1
    Microsoft Speech SDK 5.1 Language Pack
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Netflix Movie Viewer
    OpenMG Secure Module 4.6.01
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PMB
    Presto! PageManager 7.15.14
    PRS-500 USB driver
    QuickBooks Premier: Accountant Edition 2007
    QuickBooks Product Listing Service
    QuickBooks Simple Start Free Starter Edition
    QuickTime
    RealArcade
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Easy Media Creator Home
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft OmniPage SE 4.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Setting Utility Series
    Skype Click to Call
    Skype™ 5.5
    SonicStage 4.2
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Plugins
    Sony Utilities DLL
    Sony Video Shared Library
    Sound Pilot
    Spelling Dictionaries Support For Adobe Reader 8
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    System Requirements Lab
    Tablet
    Text-To-Speech-Runtime
    TranslatorBar 1 Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VAIO Action Setup
    VAIO Azure Float Wallpaper
    VAIO Camera Capture Utility
    VAIO Camera Utility
    VAIO Central
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Floral Dusk Wallpaper
    VAIO Help And Support
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.0
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool 6.0
    VAIO OOBE
    VAIO Photo 2007
    VAIO Security Center
    VAIO Survey
    VAIO Teal Whisper Wallpaper
    VAIO Update 3
    VAIO Video & Photo Utilities
    Vegas Movie Studio HD Platinum 10.0
    Vegas Pro 9.0
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    WinDVD for VAIO
    WinRAR archiver
    Xobni
    Xobni Core
    Yontoo Layers 1.10.01
    YouTube Downloader 3.4
    YouTube Downloader Toolbar v1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/27/2011 8:32:59 PM, Error: yukonwlh [101] - Driver status 1
    12/27/2011 8:06:49 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    12/27/2011 8:03:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/27/2011 8:03:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/27/2011 8:02:50 PM, Error: Service Control Manager [7023] -
    12/27/2011 8:02:49 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7024] - The SQL Server (VAIO_VEDB) service terminated with service-specific error 3417 (0xD59).
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The VAIO Entertainment Database Service service depends on the SQL Server (VAIO_VEDB) service which failed to start because of the following error: The service has returned a service-specific error code.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
    12/27/2011 8:00:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/27/2011 7:59:27 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    12/27/2011 7:39:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/27/2011 1:09:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall spldr Wanarpv6
    12/27/2011 1:09:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2011 1:09:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/27/2011 1:09:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/27/2011 1:09:00 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    12/27/2011 1:09:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    12/27/2011 1:09:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/26/2011 9:20:06 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/26/2011 9:12:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.13 for the Network Card with network address 00197DD41478 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/26/2011 9:03:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 00197DD41478 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    12/26/2011 6:47:59 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:47 PM on 12/26/2011 was unexpected.
    12/26/2011 4:07:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/26/2011 4:04:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    12/26/2011 4:04:52 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/26/2011 11:59:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2011 11:58:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/26/2011 11:58:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/26/2011 10:47:18 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    .
    ==== End Of File ===========================
    ecko840, Dec 27, 2011
    #7

  8. Broni Malware Annihilator

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
    Broni, Dec 27, 2011
    #8

  9. ecko840 Newcomer, in training

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-27 21:06:17
    -----------------------------
    21:06:17.528 OS Version: Windows 6.0.6002 Service Pack 2
    21:06:17.529 Number of processors: 2 586 0xF02
    21:06:17.530 ComputerName: DAYI-PC UserName: Dayi
    21:06:18.941 Initialize success
    21:06:33.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    21:06:33.525 Disk 0 Vendor: WDC_WD2500JS-58NCB1 10.02E02 Size: 238475MB BusType: 3
    21:06:33.529 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
    21:06:33.533 Disk 1 Vendor: ( Size: 238475MB BusType: 0
    21:06:33.538 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
    21:06:33.542 Disk 2 Vendor: ( Size: 238475MB BusType: 0
    21:06:35.561 Disk 0 MBR read successfully
    21:06:35.566 Disk 0 MBR scan
    21:06:35.571 Disk 0 Windows VISTA default MBR code
    21:06:35.592 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6264 MB offset 2048
    21:06:35.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 232209 MB offset 12830720
    21:06:35.617 Disk 0 scanning sectors +488395120
    21:06:35.707 Disk 0 scanning C:\Windows\system32\drivers
    21:06:44.698 Service scanning
    21:06:46.059 Modules scanning
    21:06:52.399 Disk 0 trace - called modules:
    21:06:52.424 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    21:06:52.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859792b8]
    21:06:52.442 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> [0x85200918]
    21:06:52.451 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x851f4660]
    21:06:52.460 Scan finished successfully
    21:07:08.001 Disk 0 MBR has been saved successfully to "D:\5step\MBR.dat"
    21:07:08.401 The log file has been saved successfully to "D:\5step\aswMBR.txt"
    ecko840, Dec 27, 2011
    #9

  10. Broni Malware Annihilator

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
    Broni, Dec 27, 2011
    #10

  11. ecko840 Newcomer, in training

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002)
    , 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`87900000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    ecko840, Dec 27, 2011
    #11

  12. Broni Malware Annihilator

    All looks good.

    Delete your Combofix file and the follow instructions from my reply #4.
    Make sure you read it all including this section:
    Broni, Dec 27, 2011
    #12
Thread Status:
Not open for further replies.