Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit Virus not cured ? [Solved]

Started by maradei , Mar 27 2012 04:26 PM

  • This topic is locked This topic is locked

#1
maradei
Posted 27 March 2012 - 04:26 PM

maradei

    Member

  • Member
  • PipPipPip
  • 145 posts
I just ran avira and see that I have the below virus's identified?(report below as is otl) I had previously had you guys help me remove the Google redirect virus.Is it possible that this is leftover? I was alerted to this by getting an error on my windows update-"Some updates were not installed".Failed :1 update- Windows Update 8007007E failed. Have windows 7 on sony laptop. Please advise
much thanks-Mark
________________________________________________________________________________________________________________________________________________________________


Avira Free Antivirus
Report file date: Tuesday, March 27, 2012 10:56

Scanning for 3607267 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARK-VAIO

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 1/31/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 1/31/2012 15:56:54
AVSCAN.DLL : 12.1.0.18 54224 Bytes 1/31/2012 15:57:27
LUKE.DLL : 12.1.0.19 68304 Bytes 1/31/2012 15:57:02
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 1/31/2012 15:56:54
AVREG.DLL : 12.1.0.29 228048 Bytes 1/31/2012 15:56:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 15:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 17:36:46
VBASE004.VDF : 7.11.21.239 2048 Bytes 2/1/2012 17:37:44
VBASE005.VDF : 7.11.21.240 2048 Bytes 2/1/2012 17:37:44
VBASE006.VDF : 7.11.21.241 2048 Bytes 2/1/2012 17:37:45
VBASE007.VDF : 7.11.21.242 2048 Bytes 2/1/2012 17:37:45
VBASE008.VDF : 7.11.21.243 2048 Bytes 2/1/2012 17:37:46
VBASE009.VDF : 7.11.21.244 2048 Bytes 2/1/2012 17:37:46
VBASE010.VDF : 7.11.21.245 2048 Bytes 2/1/2012 17:37:46
VBASE011.VDF : 7.11.21.246 2048 Bytes 2/1/2012 17:37:46
VBASE012.VDF : 7.11.21.247 2048 Bytes 2/1/2012 17:37:48
VBASE013.VDF : 7.11.22.33 1486848 Bytes 2/3/2012 17:39:53
VBASE014.VDF : 7.11.22.56 687616 Bytes 2/3/2012 17:40:43
VBASE015.VDF : 7.11.22.92 178176 Bytes 2/6/2012 17:41:01
VBASE016.VDF : 7.11.22.154 144896 Bytes 2/8/2012 17:41:20
VBASE017.VDF : 7.11.22.220 183296 Bytes 2/13/2012 17:41:38
VBASE018.VDF : 7.11.23.34 202752 Bytes 2/15/2012 17:41:53
VBASE019.VDF : 7.11.23.98 126464 Bytes 2/17/2012 17:42:00
VBASE020.VDF : 7.11.23.150 148480 Bytes 2/20/2012 17:42:12
VBASE021.VDF : 7.11.23.224 172544 Bytes 2/23/2012 17:42:23
VBASE022.VDF : 7.11.24.52 219648 Bytes 2/28/2012 17:42:45
VBASE023.VDF : 7.11.24.152 165888 Bytes 3/5/2012 17:42:56
VBASE024.VDF : 7.11.24.204 177664 Bytes 3/7/2012 17:43:11
VBASE025.VDF : 7.11.25.30 245248 Bytes 3/12/2012 17:43:30
VBASE026.VDF : 7.11.25.121 252416 Bytes 3/15/2012 17:43:49
VBASE027.VDF : 7.11.25.177 202752 Bytes 3/20/2012 18:13:55
VBASE028.VDF : 7.11.25.233 169984 Bytes 3/23/2012 18:14:33
VBASE029.VDF : 7.11.25.234 2048 Bytes 3/23/2012 18:14:33
VBASE030.VDF : 7.11.25.235 2048 Bytes 3/23/2012 18:14:35
VBASE031.VDF : 7.11.26.14 243712 Bytes 3/26/2012 00:52:43
Engineversion : 8.2.10.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 1/31/2012 15:56:42
AESCRIPT.DLL : 8.1.4.13 442746 Bytes 3/23/2012 18:18:06
AESCN.DLL : 8.1.8.2 131444 Bytes 3/17/2012 17:47:43
AESBX.DLL : 8.2.5.5 606579 Bytes 3/17/2012 17:48:23
AERDL.DLL : 8.1.9.15 639348 Bytes 1/31/2012 15:56:42
AEPACK.DLL : 8.2.16.7 803190 Bytes 3/23/2012 18:17:50
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/31/2012 15:56:41
AEHEUR.DLL : 8.1.4.8 4514165 Bytes 3/23/2012 18:17:24
AEHELP.DLL : 8.1.19.0 254327 Bytes 3/17/2012 17:44:58
AEGEN.DLL : 8.1.5.23 409973 Bytes 3/17/2012 17:44:49
AEEXP.DLL : 8.1.0.25 74101 Bytes 3/17/2012 17:48:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/31/2012 15:56:38
AECORE.DLL : 8.1.25.6 201078 Bytes 3/17/2012 17:44:28
AEBB.DLL : 8.1.1.0 53618 Bytes 1/31/2012 15:56:38
AVWINLL.DLL : 12.1.0.17 27344 Bytes 1/31/2012 15:56:55
AVPREF.DLL : 12.1.0.17 51920 Bytes 1/31/2012 15:56:53
AVREP.DLL : 12.1.0.17 179408 Bytes 1/31/2012 15:56:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 1/31/2012 15:56:49
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 1/31/2012 15:56:50
SQLITE3.DLL : 3.7.0.0 398288 Bytes 1/31/2012 15:57:08
AVSMTP.DLL : 12.1.0.17 62928 Bytes 1/31/2012 15:56:54
NETNT.DLL : 12.1.0.17 17104 Bytes 1/31/2012 15:57:04
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 1/31/2012 15:57:30
RCTEXT.DLL : 12.1.1.16 96208 Bytes 1/31/2012 15:57:30

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Tuesday, March 27, 2012 10:56

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'VCService.exe' - '31' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '29' Module(s) have been scanned
Scan process 'listener.exe' - '23' Module(s) have been scanned
Scan process 'Oasis2Service.exe' - '109' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '22' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'VAIO Messenger.exe' - '117' Module(s) have been scanned
Scan process 'KeyboardShortcuts.exe' - '90' Module(s) have been scanned
Scan process 'firefox.exe' - '115' Module(s) have been scanned
Scan process 'distnoted.exe' - '33' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'EEventManager.exe' - '74' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '55' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '49' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '49' Module(s) have been scanned
Scan process 'ubd.exe' - '77' Module(s) have been scanned
Scan process 'Jing.exe' - '125' Module(s) have been scanned
Scan process 'lxdvamon.exe' - '61' Module(s) have been scanned
Scan process 'lxdvmon.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '65' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '52' Module(s) have been scanned
Scan process 'VESMgr.exe' - '37' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '22' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '64' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1283' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '49f3985f.qua'.
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5164b7f8.qua'.


End of the scan: Tuesday, March 27, 2012 14:48
Used time: 3:51:29 Hour(s)

The scan has been done completely.

32290 Scanned directories
530966 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
530964 Files not concerned
20834 Archives were scanned
0 Warnings
6 Notes
650943 Objects were scanned with rootkit scan
4 Hidden objects were found




Avira Free Antivirus
Report file date: Tuesday, March 27, 2012 10:56

Scanning for 3607267 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARK-VAIO

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 1/31/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 1/31/2012 15:56:54
AVSCAN.DLL : 12.1.0.18 54224 Bytes 1/31/2012 15:57:27
LUKE.DLL : 12.1.0.19 68304 Bytes 1/31/2012 15:57:02
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 1/31/2012 15:56:54
AVREG.DLL : 12.1.0.29 228048 Bytes 1/31/2012 15:56:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 15:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 17:36:46
VBASE004.VDF : 7.11.21.239 2048 Bytes 2/1/2012 17:37:44
VBASE005.VDF : 7.11.21.240 2048 Bytes 2/1/2012 17:37:44
VBASE006.VDF : 7.11.21.241 2048 Bytes 2/1/2012 17:37:45
VBASE007.VDF : 7.11.21.242 2048 Bytes 2/1/2012 17:37:45
VBASE008.VDF : 7.11.21.243 2048 Bytes 2/1/2012 17:37:46
VBASE009.VDF : 7.11.21.244 2048 Bytes 2/1/2012 17:37:46
VBASE010.VDF : 7.11.21.245 2048 Bytes 2/1/2012 17:37:46
VBASE011.VDF : 7.11.21.246 2048 Bytes 2/1/2012 17:37:46
VBASE012.VDF : 7.11.21.247 2048 Bytes 2/1/2012 17:37:48
VBASE013.VDF : 7.11.22.33 1486848 Bytes 2/3/2012 17:39:53
VBASE014.VDF : 7.11.22.56 687616 Bytes 2/3/2012 17:40:43
VBASE015.VDF : 7.11.22.92 178176 Bytes 2/6/2012 17:41:01
VBASE016.VDF : 7.11.22.154 144896 Bytes 2/8/2012 17:41:20
VBASE017.VDF : 7.11.22.220 183296 Bytes 2/13/2012 17:41:38
VBASE018.VDF : 7.11.23.34 202752 Bytes 2/15/2012 17:41:53
VBASE019.VDF : 7.11.23.98 126464 Bytes 2/17/2012 17:42:00
VBASE020.VDF : 7.11.23.150 148480 Bytes 2/20/2012 17:42:12
VBASE021.VDF : 7.11.23.224 172544 Bytes 2/23/2012 17:42:23
VBASE022.VDF : 7.11.24.52 219648 Bytes 2/28/2012 17:42:45
VBASE023.VDF : 7.11.24.152 165888 Bytes 3/5/2012 17:42:56
VBASE024.VDF : 7.11.24.204 177664 Bytes 3/7/2012 17:43:11
VBASE025.VDF : 7.11.25.30 245248 Bytes 3/12/2012 17:43:30
VBASE026.VDF : 7.11.25.121 252416 Bytes 3/15/2012 17:43:49
VBASE027.VDF : 7.11.25.177 202752 Bytes 3/20/2012 18:13:55
VBASE028.VDF : 7.11.25.233 169984 Bytes 3/23/2012 18:14:33
VBASE029.VDF : 7.11.25.234 2048 Bytes 3/23/2012 18:14:33
VBASE030.VDF : 7.11.25.235 2048 Bytes 3/23/2012 18:14:35
VBASE031.VDF : 7.11.26.14 243712 Bytes 3/26/2012 00:52:43
Engineversion : 8.2.10.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 1/31/2012 15:56:42
AESCRIPT.DLL : 8.1.4.13 442746 Bytes 3/23/2012 18:18:06
AESCN.DLL : 8.1.8.2 131444 Bytes 3/17/2012 17:47:43
AESBX.DLL : 8.2.5.5 606579 Bytes 3/17/2012 17:48:23
AERDL.DLL : 8.1.9.15 639348 Bytes 1/31/2012 15:56:42
AEPACK.DLL : 8.2.16.7 803190 Bytes 3/23/2012 18:17:50
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/31/2012 15:56:41
AEHEUR.DLL : 8.1.4.8 4514165 Bytes 3/23/2012 18:17:24
AEHELP.DLL : 8.1.19.0 254327 Bytes 3/17/2012 17:44:58
AEGEN.DLL : 8.1.5.23 409973 Bytes 3/17/2012 17:44:49
AEEXP.DLL : 8.1.0.25 74101 Bytes 3/17/2012 17:48:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/31/2012 15:56:38
AECORE.DLL : 8.1.25.6 201078 Bytes 3/17/2012 17:44:28
AEBB.DLL : 8.1.1.0 53618 Bytes 1/31/2012 15:56:38
AVWINLL.DLL : 12.1.0.17 27344 Bytes 1/31/2012 15:56:55
AVPREF.DLL : 12.1.0.17 51920 Bytes 1/31/2012 15:56:53
AVREP.DLL : 12.1.0.17 179408 Bytes 1/31/2012 15:56:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 1/31/2012 15:56:49
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 1/31/2012 15:56:50
SQLITE3.DLL : 3.7.0.0 398288 Bytes 1/31/2012 15:57:08
AVSMTP.DLL : 12.1.0.17 62928 Bytes 1/31/2012 15:56:54
NETNT.DLL : 12.1.0.17 17104 Bytes 1/31/2012 15:57:04
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 1/31/2012 15:57:30
RCTEXT.DLL : 12.1.1.16 96208 Bytes 1/31/2012 15:57:30

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Tuesday, March 27, 2012 10:56

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'VCService.exe' - '31' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '29' Module(s) have been scanned
Scan process 'listener.exe' - '23' Module(s) have been scanned
Scan process 'Oasis2Service.exe' - '109' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '22' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'VAIO Messenger.exe' - '117' Module(s) have been scanned
Scan process 'KeyboardShortcuts.exe' - '90' Module(s) have been scanned
Scan process 'firefox.exe' - '115' Module(s) have been scanned
Scan process 'distnoted.exe' - '33' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'EEventManager.exe' - '74' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '55' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '49' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '49' Module(s) have been scanned
Scan process 'ubd.exe' - '77' Module(s) have been scanned
Scan process 'Jing.exe' - '125' Module(s) have been scanned
Scan process 'lxdvamon.exe' - '61' Module(s) have been scanned
Scan process 'lxdvmon.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '65' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '52' Module(s) have been scanned
Scan process 'VESMgr.exe' - '37' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '22' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '64' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1283' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '49f3985f.qua'.
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5164b7f8.qua'.


End of the scan: Tuesday, March 27, 2012 14:48
Used time: 3:51:29 Hour(s)

The scan has been done completely.

32290 Scanned directories
530966 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
530964 Files not concerned
20834 Archives were scanned
0 Warnings
6 Notes
650943 Objects were scanned with rootkit scan
4 Hidden objects were found
OTL LOG
OTL Extras logfile created on: 3/28/2012 3:34:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 42.32% Memory free
7.90 Gb Paging File | 5.03 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.26 Gb Total Space | 498.57 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

Computer Name: MARK-VAIO | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Lexmark X5400 Series" = Lexmark X5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5248E24-F52C-4FD1-B76F-102460BAFD6B}" = VAIO Help and Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard Shortcuts
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Application Manager for VAIO" = Application Manager for VAIO
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"splashtop" = VAIO Quick Web Access
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2012 11:01:05 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3105

Error - 3/14/2012 11:01:05 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3105

Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 794498

Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 794498

Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 3/15/2012 10:40:39 AM | Computer Name = mark-VAIO | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20:
The process cannot access the file because it is being used by another process.

Error - 3/15/2012 11:11:36 AM | Computer Name = mark-VAIO | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/15/2012 11:32:00 AM | Computer Name = mark-VAIO | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/15/2012 11:32:25 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/15/2012 11:33:13 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/15/2012 11:38:29 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/15/2012 11:40:09 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31

Error - 3/15/2012 1:25:59 PM | Computer Name = mark-VAIO | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.106. The computer with the IP address 192.168.1.112 did
not allow the name to be claimed by this computer.

Error - 3/15/2012 1:30:59 PM | Computer Name = mark-VAIO | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/15/2012 1:31:06 PM | Computer Name = mark-VAIO | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/16/2012 11:15:04 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7022
Description = The VAIO Care Performance Service service hung on starting.

Error - 3/16/2012 11:17:01 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.


< End of report >

Edited by maradei, 28 March 2012 - 04:45 PM.

  • 0

Advertisements

#2
maliprog
Posted 04 April 2012 - 11:50 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi maradei,

This is all quarantine files that are detected by Avira. Don't worry.


It's a 315Mb download, but you might want to consider installing the Windows Update Readiness Tool first.

Download Details - Microsoft Download Center - System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [August 2011]

Also, when you get to a stage when you can install updates, install them in small batches rather than a huge bunch of them.

You can also get Microsoft support for Windows updates problems.

http://support.micro...om/ph/6527#tab0

Please let me know results.
  • 0

#3
maradei
Posted 07 April 2012 - 10:16 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Hi -sorry for the delay missed the email-I was able to download that system Update Readiness Tool for Windows but still unable to download the update "definition update for windows defender kb915597 definition 1.123.12222.0. Update is telling me I have to still install this and Im getting the same fail message..
thank you-
Mark
  • 0

#4
maliprog
Posted 09 April 2012 - 11:29 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi maradei,

Please open new topic in Windows Vista™ and Windows 7™ and they will help you with your problem. Tell them that you are clean from malware.

I'll leave this topic open in case something comes around.
  • 0

#5
maliprog
Posted 14 April 2012 - 02:00 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP