much thanks-Mark
________________________________________________________________________________________________________________________________________________________________
Avira Free Antivirus
Report file date: Tuesday, March 27, 2012 10:56
Scanning for 3607267 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARK-VAIO
Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 1/31/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 1/31/2012 15:56:54
AVSCAN.DLL : 12.1.0.18 54224 Bytes 1/31/2012 15:57:27
LUKE.DLL : 12.1.0.19 68304 Bytes 1/31/2012 15:57:02
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 1/31/2012 15:56:54
AVREG.DLL : 12.1.0.29 228048 Bytes 1/31/2012 15:56:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 15:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 17:36:46
VBASE004.VDF : 7.11.21.239 2048 Bytes 2/1/2012 17:37:44
VBASE005.VDF : 7.11.21.240 2048 Bytes 2/1/2012 17:37:44
VBASE006.VDF : 7.11.21.241 2048 Bytes 2/1/2012 17:37:45
VBASE007.VDF : 7.11.21.242 2048 Bytes 2/1/2012 17:37:45
VBASE008.VDF : 7.11.21.243 2048 Bytes 2/1/2012 17:37:46
VBASE009.VDF : 7.11.21.244 2048 Bytes 2/1/2012 17:37:46
VBASE010.VDF : 7.11.21.245 2048 Bytes 2/1/2012 17:37:46
VBASE011.VDF : 7.11.21.246 2048 Bytes 2/1/2012 17:37:46
VBASE012.VDF : 7.11.21.247 2048 Bytes 2/1/2012 17:37:48
VBASE013.VDF : 7.11.22.33 1486848 Bytes 2/3/2012 17:39:53
VBASE014.VDF : 7.11.22.56 687616 Bytes 2/3/2012 17:40:43
VBASE015.VDF : 7.11.22.92 178176 Bytes 2/6/2012 17:41:01
VBASE016.VDF : 7.11.22.154 144896 Bytes 2/8/2012 17:41:20
VBASE017.VDF : 7.11.22.220 183296 Bytes 2/13/2012 17:41:38
VBASE018.VDF : 7.11.23.34 202752 Bytes 2/15/2012 17:41:53
VBASE019.VDF : 7.11.23.98 126464 Bytes 2/17/2012 17:42:00
VBASE020.VDF : 7.11.23.150 148480 Bytes 2/20/2012 17:42:12
VBASE021.VDF : 7.11.23.224 172544 Bytes 2/23/2012 17:42:23
VBASE022.VDF : 7.11.24.52 219648 Bytes 2/28/2012 17:42:45
VBASE023.VDF : 7.11.24.152 165888 Bytes 3/5/2012 17:42:56
VBASE024.VDF : 7.11.24.204 177664 Bytes 3/7/2012 17:43:11
VBASE025.VDF : 7.11.25.30 245248 Bytes 3/12/2012 17:43:30
VBASE026.VDF : 7.11.25.121 252416 Bytes 3/15/2012 17:43:49
VBASE027.VDF : 7.11.25.177 202752 Bytes 3/20/2012 18:13:55
VBASE028.VDF : 7.11.25.233 169984 Bytes 3/23/2012 18:14:33
VBASE029.VDF : 7.11.25.234 2048 Bytes 3/23/2012 18:14:33
VBASE030.VDF : 7.11.25.235 2048 Bytes 3/23/2012 18:14:35
VBASE031.VDF : 7.11.26.14 243712 Bytes 3/26/2012 00:52:43
Engineversion : 8.2.10.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 1/31/2012 15:56:42
AESCRIPT.DLL : 8.1.4.13 442746 Bytes 3/23/2012 18:18:06
AESCN.DLL : 8.1.8.2 131444 Bytes 3/17/2012 17:47:43
AESBX.DLL : 8.2.5.5 606579 Bytes 3/17/2012 17:48:23
AERDL.DLL : 8.1.9.15 639348 Bytes 1/31/2012 15:56:42
AEPACK.DLL : 8.2.16.7 803190 Bytes 3/23/2012 18:17:50
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/31/2012 15:56:41
AEHEUR.DLL : 8.1.4.8 4514165 Bytes 3/23/2012 18:17:24
AEHELP.DLL : 8.1.19.0 254327 Bytes 3/17/2012 17:44:58
AEGEN.DLL : 8.1.5.23 409973 Bytes 3/17/2012 17:44:49
AEEXP.DLL : 8.1.0.25 74101 Bytes 3/17/2012 17:48:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/31/2012 15:56:38
AECORE.DLL : 8.1.25.6 201078 Bytes 3/17/2012 17:44:28
AEBB.DLL : 8.1.1.0 53618 Bytes 1/31/2012 15:56:38
AVWINLL.DLL : 12.1.0.17 27344 Bytes 1/31/2012 15:56:55
AVPREF.DLL : 12.1.0.17 51920 Bytes 1/31/2012 15:56:53
AVREP.DLL : 12.1.0.17 179408 Bytes 1/31/2012 15:56:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 1/31/2012 15:56:49
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 1/31/2012 15:56:50
SQLITE3.DLL : 3.7.0.0 398288 Bytes 1/31/2012 15:57:08
AVSMTP.DLL : 12.1.0.17 62928 Bytes 1/31/2012 15:56:54
NETNT.DLL : 12.1.0.17 17104 Bytes 1/31/2012 15:57:04
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 1/31/2012 15:57:30
RCTEXT.DLL : 12.1.1.16 96208 Bytes 1/31/2012 15:57:30
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Start of the scan: Tuesday, March 27, 2012 10:56
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'VCService.exe' - '31' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '29' Module(s) have been scanned
Scan process 'listener.exe' - '23' Module(s) have been scanned
Scan process 'Oasis2Service.exe' - '109' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '22' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'VAIO Messenger.exe' - '117' Module(s) have been scanned
Scan process 'KeyboardShortcuts.exe' - '90' Module(s) have been scanned
Scan process 'firefox.exe' - '115' Module(s) have been scanned
Scan process 'distnoted.exe' - '33' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'EEventManager.exe' - '74' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '55' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '49' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '49' Module(s) have been scanned
Scan process 'ubd.exe' - '77' Module(s) have been scanned
Scan process 'Jing.exe' - '125' Module(s) have been scanned
Scan process 'lxdvamon.exe' - '61' Module(s) have been scanned
Scan process 'lxdvmon.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '65' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '52' Module(s) have been scanned
Scan process 'VESMgr.exe' - '37' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '22' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '64' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Starting to scan executable files (registry).
The registry was scanned ( '1283' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
Beginning disinfection:
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '49f3985f.qua'.
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5164b7f8.qua'.
End of the scan: Tuesday, March 27, 2012 14:48
Used time: 3:51:29 Hour(s)
The scan has been done completely.
32290 Scanned directories
530966 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
530964 Files not concerned
20834 Archives were scanned
0 Warnings
6 Notes
650943 Objects were scanned with rootkit scan
4 Hidden objects were found
Avira Free Antivirus
Report file date: Tuesday, March 27, 2012 10:56
Scanning for 3607267 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARK-VAIO
Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 1/31/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 1/31/2012 15:56:54
AVSCAN.DLL : 12.1.0.18 54224 Bytes 1/31/2012 15:57:27
LUKE.DLL : 12.1.0.19 68304 Bytes 1/31/2012 15:57:02
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 1/31/2012 15:56:54
AVREG.DLL : 12.1.0.29 228048 Bytes 1/31/2012 15:56:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 15:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 17:36:46
VBASE004.VDF : 7.11.21.239 2048 Bytes 2/1/2012 17:37:44
VBASE005.VDF : 7.11.21.240 2048 Bytes 2/1/2012 17:37:44
VBASE006.VDF : 7.11.21.241 2048 Bytes 2/1/2012 17:37:45
VBASE007.VDF : 7.11.21.242 2048 Bytes 2/1/2012 17:37:45
VBASE008.VDF : 7.11.21.243 2048 Bytes 2/1/2012 17:37:46
VBASE009.VDF : 7.11.21.244 2048 Bytes 2/1/2012 17:37:46
VBASE010.VDF : 7.11.21.245 2048 Bytes 2/1/2012 17:37:46
VBASE011.VDF : 7.11.21.246 2048 Bytes 2/1/2012 17:37:46
VBASE012.VDF : 7.11.21.247 2048 Bytes 2/1/2012 17:37:48
VBASE013.VDF : 7.11.22.33 1486848 Bytes 2/3/2012 17:39:53
VBASE014.VDF : 7.11.22.56 687616 Bytes 2/3/2012 17:40:43
VBASE015.VDF : 7.11.22.92 178176 Bytes 2/6/2012 17:41:01
VBASE016.VDF : 7.11.22.154 144896 Bytes 2/8/2012 17:41:20
VBASE017.VDF : 7.11.22.220 183296 Bytes 2/13/2012 17:41:38
VBASE018.VDF : 7.11.23.34 202752 Bytes 2/15/2012 17:41:53
VBASE019.VDF : 7.11.23.98 126464 Bytes 2/17/2012 17:42:00
VBASE020.VDF : 7.11.23.150 148480 Bytes 2/20/2012 17:42:12
VBASE021.VDF : 7.11.23.224 172544 Bytes 2/23/2012 17:42:23
VBASE022.VDF : 7.11.24.52 219648 Bytes 2/28/2012 17:42:45
VBASE023.VDF : 7.11.24.152 165888 Bytes 3/5/2012 17:42:56
VBASE024.VDF : 7.11.24.204 177664 Bytes 3/7/2012 17:43:11
VBASE025.VDF : 7.11.25.30 245248 Bytes 3/12/2012 17:43:30
VBASE026.VDF : 7.11.25.121 252416 Bytes 3/15/2012 17:43:49
VBASE027.VDF : 7.11.25.177 202752 Bytes 3/20/2012 18:13:55
VBASE028.VDF : 7.11.25.233 169984 Bytes 3/23/2012 18:14:33
VBASE029.VDF : 7.11.25.234 2048 Bytes 3/23/2012 18:14:33
VBASE030.VDF : 7.11.25.235 2048 Bytes 3/23/2012 18:14:35
VBASE031.VDF : 7.11.26.14 243712 Bytes 3/26/2012 00:52:43
Engineversion : 8.2.10.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 1/31/2012 15:56:42
AESCRIPT.DLL : 8.1.4.13 442746 Bytes 3/23/2012 18:18:06
AESCN.DLL : 8.1.8.2 131444 Bytes 3/17/2012 17:47:43
AESBX.DLL : 8.2.5.5 606579 Bytes 3/17/2012 17:48:23
AERDL.DLL : 8.1.9.15 639348 Bytes 1/31/2012 15:56:42
AEPACK.DLL : 8.2.16.7 803190 Bytes 3/23/2012 18:17:50
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/31/2012 15:56:41
AEHEUR.DLL : 8.1.4.8 4514165 Bytes 3/23/2012 18:17:24
AEHELP.DLL : 8.1.19.0 254327 Bytes 3/17/2012 17:44:58
AEGEN.DLL : 8.1.5.23 409973 Bytes 3/17/2012 17:44:49
AEEXP.DLL : 8.1.0.25 74101 Bytes 3/17/2012 17:48:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/31/2012 15:56:38
AECORE.DLL : 8.1.25.6 201078 Bytes 3/17/2012 17:44:28
AEBB.DLL : 8.1.1.0 53618 Bytes 1/31/2012 15:56:38
AVWINLL.DLL : 12.1.0.17 27344 Bytes 1/31/2012 15:56:55
AVPREF.DLL : 12.1.0.17 51920 Bytes 1/31/2012 15:56:53
AVREP.DLL : 12.1.0.17 179408 Bytes 1/31/2012 15:56:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 1/31/2012 15:56:49
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 1/31/2012 15:56:50
SQLITE3.DLL : 3.7.0.0 398288 Bytes 1/31/2012 15:57:08
AVSMTP.DLL : 12.1.0.17 62928 Bytes 1/31/2012 15:56:54
NETNT.DLL : 12.1.0.17 17104 Bytes 1/31/2012 15:57:04
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 1/31/2012 15:57:30
RCTEXT.DLL : 12.1.1.16 96208 Bytes 1/31/2012 15:57:30
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Start of the scan: Tuesday, March 27, 2012 10:56
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\MODES\1600,1200
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'VCService.exe' - '31' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '29' Module(s) have been scanned
Scan process 'listener.exe' - '23' Module(s) have been scanned
Scan process 'Oasis2Service.exe' - '109' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '22' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'VAIO Messenger.exe' - '117' Module(s) have been scanned
Scan process 'KeyboardShortcuts.exe' - '90' Module(s) have been scanned
Scan process 'firefox.exe' - '115' Module(s) have been scanned
Scan process 'distnoted.exe' - '33' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'EEventManager.exe' - '74' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '55' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '49' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '49' Module(s) have been scanned
Scan process 'ubd.exe' - '77' Module(s) have been scanned
Scan process 'Jing.exe' - '125' Module(s) have been scanned
Scan process 'lxdvamon.exe' - '61' Module(s) have been scanned
Scan process 'lxdvmon.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '36' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '65' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '52' Module(s) have been scanned
Scan process 'VESMgr.exe' - '37' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '22' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '64' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Starting to scan executable files (registry).
The registry was scanned ( '1283' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
Beginning disinfection:
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '49f3985f.qua'.
C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0002.dta
[DETECTION] Is the TR/Spy.9216.233 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5164b7f8.qua'.
End of the scan: Tuesday, March 27, 2012 14:48
Used time: 3:51:29 Hour(s)
The scan has been done completely.
32290 Scanned directories
530966 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
530964 Files not concerned
20834 Archives were scanned
0 Warnings
6 Notes
650943 Objects were scanned with rootkit scan
4 Hidden objects were found
OTL LOG
OTL Extras logfile created on: 3/28/2012 3:34:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.95 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 42.32% Memory free
7.90 Gb Paging File | 5.03 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.26 Gb Total Space | 498.57 Gb Free Space | 85.19% Space Free | Partition Type: NTFS
Computer Name: MARK-VAIO | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Lexmark X5400 Series" = Lexmark X5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5248E24-F52C-4FD1-B76F-102460BAFD6B}" = VAIO Help and Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard Shortcuts
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Application Manager for VAIO" = Application Manager for VAIO
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"splashtop" = VAIO Quick Web Access
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"WinLiveSuite" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/14/2012 11:01:05 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3105
Error - 3/14/2012 11:01:05 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3105
Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 794498
Error - 3/14/2012 11:14:16 PM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 794498
Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030
Error - 3/15/2012 1:01:21 AM | Computer Name = mark-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030
Error - 3/15/2012 10:40:39 AM | Computer Name = mark-VAIO | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20:
The process cannot access the file because it is being used by another process.
Error - 3/15/2012 11:11:36 AM | Computer Name = mark-VAIO | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 3/15/2012 11:32:00 AM | Computer Name = mark-VAIO | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 3/15/2012 11:32:25 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 3/15/2012 11:33:13 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 3/15/2012 11:38:29 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
Error - 3/15/2012 11:40:09 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31
Error - 3/15/2012 1:25:59 PM | Computer Name = mark-VAIO | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.106. The computer with the IP address 192.168.1.112 did
not allow the name to be claimed by this computer.
Error - 3/15/2012 1:30:59 PM | Computer Name = mark-VAIO | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 3/15/2012 1:31:06 PM | Computer Name = mark-VAIO | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 3/16/2012 11:15:04 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7022
Description = The VAIO Care Performance Service service hung on starting.
Error - 3/16/2012 11:17:01 AM | Computer Name = mark-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.
< End of report >
Edited by maradei, 28 March 2012 - 04:45 PM.