Inactive [A] Vista Antivirus cleared but left with no internet


ecko840

I know this is a common problem lately but I have not found any posts with a solution that will work for me. Vista Antivirus is gone but now I am getting a "local only" on my networks. Looks like I'm not getting an IP and a static IP is not working either.

These are my results after running FSS:

Farbar Service Scanner
Ran by Dayi (administrator) on 27-12-2011 at 01:31:32
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Welcome aboard


Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Apply Fixit from: http://support.microsoft.com/kb/811259/en-us

Restart computer.

Post new FSS log.
 
Thanks for the reply Broni!

I did exactly as you said and am still having the same as you said and still no luck. When I do the netsh int ip reset reset.log I get this:

Reseting Echo Request Failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action

-----

Is this normal? Below is my new FSS log. Thanks for your help!

-----


Farbar Service Scanner
Ran by Dayi (administrator) on 27-12-2011 at 19:41:20
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I tried running Combofix multiple times yesterday but it never begins to scan. I left it there for over 4 hours yesterday before I closed it. Do you recommend that I try it again and leave it overnight?
 
Thank you again for your help. I followed your instructions and below are the log files.


Avira Free Antivirus
Report file date: Tuesday, December 27, 2011 20:21

Scanning for 3579985 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Dayi
Computer name : DAYI-PC

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Tuesday, December 27, 2011 20:21

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'QBCFMonitorService.exe' - '1' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'FABS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'VAServ.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Bridge.exe' - '1' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'AppMonUtility.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'VCUServe.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '5813' files ).



End of the scan: Tuesday, December 27, 2011 20:23
Used time: 01:08 Minute(s)

The scan has been done completely.

0 Scanned directories
6527 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
6527 Files not concerned
34 Archives were scanned
0 Warnings
0 Notes

----

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/27/2011 8:32:15 PM
mbam-log-2011-12-27 (20-32-15).txt

Scan type: Quick scan
Objects scanned: 168824
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-27 20:35:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500JS-58NCB1 rev.10.02E02
Running: krtrr88u.exe; Driver: C:\Users\Dayi\AppData\Local\Temp\kxldapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Dayi at 20:36:45 on 2011-12-27
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1150 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
BHO: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
TB: {0974848A-B5BC-49F2-9778-307742B4A55D} - No File
TB: {1C9B96A0-CBA2-482E-9C40-9200B547123A} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Akamai NetSession Interface] c:\users\dayi\appdata\local\akamai\netsession_win.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-27 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-27 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-27 74640]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-2-12 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-2-12 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-2-12 30976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-2-12 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-12-1 28933976]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2006-12-27 741376]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2006-12-27 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2006-12-27 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
S4 Vaipdchesv;Vaipdchesv; [x]
S4 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-7-14 44776]
.
=============== Created Last 30 ================
.
2011-12-28 01:26:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 01:26:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 01:20:33 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-28 01:20:33 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-28 01:20:28 -------- d-----w- c:\programdata\Avira
2011-12-28 01:20:28 -------- d-----w- c:\program files\Avira
2011-12-28 01:02:51 -------- d-s---w- C:\ComboFix
2011-12-27 05:47:42 -------- d-----w- c:\program files\HitmanPro
2011-12-27 05:47:03 -------- d-----w- c:\programdata\HitmanPro
2011-12-27 04:50:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-27 04:50:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-27 04:43:14 -------- d-----w- C:\_OTL
2011-12-27 03:45:11 313120 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2011-12-27 00:36:10 -------- d-----w- c:\program files\CCleaner
2011-12-26 17:00:34 98816 ----a-w- c:\windows\sed.exe
2011-12-26 17:00:34 518144 ----a-w- c:\windows\SWREG.exe
2011-12-26 17:00:34 256000 ----a-w- c:\windows\PEV.exe
2011-12-26 17:00:34 208896 ----a-w- c:\windows\MBR.exe
2011-12-15 08:03:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 08:03:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 08:03:52 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 08:03:33 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 08:03:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 08:03:10 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 08:02:55 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 13:48:50 352256 ----a-w- c:\users\dayi\appdata\local\fum.exe
2011-12-12 01:24:17 -------- d-----w- c:\users\dayi\appdata\roaming\Malwarebytes
2011-12-12 01:24:10 -------- d-----w- c:\programdata\Malwarebytes
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-12-08 14:01:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-12-27 01:53:20 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-20 15:30:03 75 --sh--r- c:\windows\CT5PRET.BIN
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:37:34.47 ===============

---
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2007 12:28:18 PM
System Uptime: 12/27/2011 7:59:16 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | N/A | 1667/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 227 GiB total, 149.808 GiB free.
E: is Removable
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: LAN-Express AS IEEE 802.11g PCI-E Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04231468&REV_01\4&4AB1CD6&0&00E2
Manufacturer: LAN-Express
Name: LAN-Express AS IEEE 802.11g PCI-E Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04231468&REV_01\4&4AB1CD6&0&00E2
Service: LEX_AS_NIC_SERVICE_YNOS
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Microsoft WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&80D1681&0&002#
Manufacturer: (WPD file system device)
Name: Microsoft WPD FileSystem Volume Driver
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&80D1681&0&002#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Microsoft WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&80D1681&0&003#
Manufacturer: (WPD file system device)
Name: Microsoft WPD FileSystem Volume Driver
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&80D1681&0&003#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1401: 12/26/2011 11:32:46 PM - OTL Restore Point - 12/26/2011 11:32:46 PM
RP1402: 12/26/2011 11:54:50 PM - Installed Microsoft Fix it 50267
RP1403: 12/27/2011 7:36:53 PM - Installed Microsoft Fix it 50203
.
==== Installed Programs ======================
.
.
Adobe Acrobat 4.0
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Common File Installer
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppMon Utility
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Photo Book
Audacity 1.3.13 (Unicode)
Avira Free Antivirus
Bonjour
Canon CanoScan LiDE 600F User Registration
Canon CanoScan Toolbox 5.0
CanoScan LiDE 600F
Carbonite Online Backup Setup
CCleaner
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Corel Paint Shop Pro Photo XI
Corel Snapfire
CrazyTalk v5.0 PRO
eBook Library by Sony
Facebook Plug-In
Firebird SQL Server - MAGIX Edition
FoxTab PDF Converter
Free RAR Extract Frog
Google Books Uploader (Java Edition)
Google Chrome
Google Talk Plugin
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Internet Explorer Zoom Utility
iPhoneBrowser
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Loquendo TTS: Jorge (Spanish)
MAGIX Music Maker 16 Premium Download Version
MAGIX Screenshare
MAGIX Speed burnR
Malwarebytes' Anti-Malware version 1.51.2.1300
MapSource - Americas BlueChart v4.00
McAfee Security Scan Plus
Metacafe
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft SAPI 5.1
Microsoft Speech SDK 5.1
Microsoft Speech SDK 5.1 Language Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Netflix Movie Viewer
OpenMG Secure Module 4.6.01
Photoshop Camera Raw
Pixel Bender Toolkit
PMB
Presto! PageManager 7.15.14
PRS-500 USB driver
QuickBooks Premier: Accountant Edition 2007
QuickBooks Product Listing Service
QuickBooks Simple Start Free Starter Edition
QuickTime
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Easy Media Creator Home
SAMSUNG USB Driver for Mobile Phones
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Setting Utility Series
Skype Click to Call
Skype™ 5.5
SonicStage 4.2
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Plugins
Sony Utilities DLL
Sony Video Shared Library
Sound Pilot
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
SupportSoft Assisted Service
System Requirements Lab
Tablet
Text-To-Speech-Runtime
TranslatorBar 1 Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VAIO Action Setup
VAIO Azure Float Wallpaper
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO OOBE
VAIO Photo 2007
VAIO Security Center
VAIO Survey
VAIO Teal Whisper Wallpaper
VAIO Update 3
VAIO Video & Photo Utilities
Vegas Movie Studio HD Platinum 10.0
Vegas Pro 9.0
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
WinDVD for VAIO
WinRAR archiver
Xobni
Xobni Core
Yontoo Layers 1.10.01
YouTube Downloader 3.4
YouTube Downloader Toolbar v1.0
.
==== Event Viewer Messages From Past Week ========
.
12/27/2011 8:32:59 PM, Error: yukonwlh [101] - Driver status 1
12/27/2011 8:06:49 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
12/27/2011 8:03:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/27/2011 8:03:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 8:02:50 PM, Error: Service Control Manager [7023] -
12/27/2011 8:02:49 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 8:00:35 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7024] - The SQL Server (VAIO_VEDB) service terminated with service-specific error 3417 (0xD59).
12/27/2011 8:00:35 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
12/27/2011 8:00:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The VAIO Entertainment Database Service service depends on the SQL Server (VAIO_VEDB) service which failed to start because of the following error: The service has returned a service-specific error code.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
12/27/2011 8:00:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/27/2011 7:59:27 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/27/2011 7:39:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/27/2011 1:09:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall spldr Wanarpv6
12/27/2011 1:09:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2011 1:09:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/27/2011 1:09:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2011 1:09:00 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
12/27/2011 1:09:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/27/2011 1:09:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/26/2011 9:20:06 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/26/2011 9:12:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.13 for the Network Card with network address 00197DD41478 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/26/2011 9:03:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 00197DD41478 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/26/2011 6:47:59 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:47 PM on 12/26/2011 was unexpected.
12/26/2011 4:07:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/26/2011 4:04:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
12/26/2011 4:04:52 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2011 11:59:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 11:58:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/26/2011 11:58:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/26/2011 10:47:18 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-27 21:06:17
-----------------------------
21:06:17.528 OS Version: Windows 6.0.6002 Service Pack 2
21:06:17.529 Number of processors: 2 586 0xF02
21:06:17.530 ComputerName: DAYI-PC UserName: Dayi
21:06:18.941 Initialize success
21:06:33.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:06:33.525 Disk 0 Vendor: WDC_WD2500JS-58NCB1 10.02E02 Size: 238475MB BusType: 3
21:06:33.529 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
21:06:33.533 Disk 1 Vendor: ( Size: 238475MB BusType: 0
21:06:33.538 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
21:06:33.542 Disk 2 Vendor: ( Size: 238475MB BusType: 0
21:06:35.561 Disk 0 MBR read successfully
21:06:35.566 Disk 0 MBR scan
21:06:35.571 Disk 0 Windows VISTA default MBR code
21:06:35.592 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6264 MB offset 2048
21:06:35.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 232209 MB offset 12830720
21:06:35.617 Disk 0 scanning sectors +488395120
21:06:35.707 Disk 0 scanning C:\Windows\system32\drivers
21:06:44.698 Service scanning
21:06:46.059 Modules scanning
21:06:52.399 Disk 0 trace - called modules:
21:06:52.424 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:06:52.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859792b8]
21:06:52.442 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> [0x85200918]
21:06:52.451 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x851f4660]
21:06:52.460 Scan finished successfully
21:07:08.001 Disk 0 MBR has been saved successfully to "D:\5step\MBR.dat"
21:07:08.401 The log file has been saved successfully to "D:\5step\aswMBR.txt"
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002)
, 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`87900000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
All looks good.

Delete your Combofix file and then follow instructions from my reply #4.
Make sure you read it all including this section:
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
 