WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Closed] Possible Spyware infection

Started by valoism , Mar 26 2008 05:10 AM

This topic is locked

4 replies to this topic

#1 valoism

New Member

New Member
2 posts

Posted 26 March 2008 - 05:10 AM

I really don´t understand almost anything about how computers work, I just know how to operate some softwares... So I'll try to describe what's happening as precise as possible.
First, messages started popping up my screen, warning me my computer had been infected by Abebot (wml.exe). As I have Norton 360 installed I ran it, and also ran Windows Defender. They detected some risks and supposedly corrected them.
I also went to the Symantec website (http://www.symantec....2305-99&tabid=2) and found instructions to remove wml.exe manually. They have instructions only for Windows older versions (XP and NT). Anyway, following partially the instructions I didn´t find any registry or file mentioned in the instructions that could be related to the risk.
However, the warning continued popping up my screen, mentioning another infection, this time by TrojanDownloader.xs. When I clicked the warning, waiting for a solution, it opened an advertisement of PC Cleaner products.
I also noticed that Windows Task Manager is not visible for me anymore and everytime I log in, a folder (with multiple subfolders) is created in my Desktop.
Searching the Web, I discovered this Forum, so I hope you can help me.

Here is the log from HijackThis. Please, let me know if you need any other information.

Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:45, on 26-03-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\xsxcfqdk\pgnelgbw.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\puxkjozi.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: GNX Bingo - {2F97A8CB-0E8F-4AF0-B737-12C03F355794} - C:\Windows\kdftlboeopx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nbrsdzxm] C:\Windows\system32\puxkjozi.exe
O4 - HKLM\..\Policies\Explorer\Run: [x2i1Ydaj8M] C:\ProgramData\xsxcfqdk\pgnelgbw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: CDCheck - {683c86e3-5179-4bd5-a4a9-1acd0a1ddb22} - C:\Windows\Installer\{683c86e3-5179-4bd5-a4a9-1acd0a1ddb22}\CDCheck.dll
O21 - SSODL: vbgtorfd - {786764B0-6C60-42B6-A220-68455D43EE5E} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {98771E9D-0B38-449F-B415-4D833131F648} - C:\Windows\dwnrpofk.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15634 bytes

Attached Thumbnails

Advertisements

Register to Remove

#2 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 01 April 2008 - 12:17 PM

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 valoism

New Member

New Member
2 posts

Posted 02 April 2008 - 01:28 AM

Thank you for the help. Here are the reports:

SmitFraudFix v2.309

Scan done at 8:08:13,30, 02-04-2008
Run from C:\Users\Admin\Desktop\SmitfraudFix
OS: Microsoft Windows [VersÆo 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\Windows\kdftlboeopx.dll deleted.
C:\Windows\vbgtorfd.dll deleted.
C:\Windows\dwnrpofk.dll deleted.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\akl\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{992B8B0B-A378-4E7B-B4FE-399C18B26A55}: DhcpNameServer=195.23.129.126 194.79.69.222 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{992B8B0B-A378-4E7B-B4FE-399C18B26A55}: DhcpNameServer=195.23.129.126 194.79.69.222 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.23.129.126 194.79.69.222 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.23.129.126 194.79.69.222 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-02 08:16:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2008-04-02 06:51:25 UTC - RP244 - Windows Update
4: 2008-04-01 14:00:57 UTC - RP243 - Ponto de Verificação Agendado
3: 2008-03-31 11:48:21 UTC - RP242 - Ponto de Verificação Agendado
2: 2008-03-30 10:52:27 UTC - RP241 - Ponto de Verificação Agendado
1: 2008-03-28 10:39:42 UTC - RP240 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:02, on 02-04-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\ProgramData\xsxcfqdk\pgnelgbw.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Admin\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nbrsdzxm] C:\Windows\system32\puxkjozi.exe
O4 - HKLM\..\Policies\Explorer\Run: [x2i1Ydaj8M] C:\ProgramData\xsxcfqdk\pgnelgbw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14600 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - \??\c:\windows\system32\drivers\pclepci.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe <Not Verified; ; PACSPTISVR Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-04-02 08:08:20 4508 --a------ C:\Windows\system32\tmp.reg
2008-04-02 08:07:13 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-04-02 08:07:13 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 08:07:13 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 08:07:13 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 08:07:13 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 08:07:13 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 08:07:13 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-27 00:22:01 0 d-------- C:\perflogs
2008-03-26 11:32:25 0 d-------- C:\Program Files\Trend Micro
2008-03-25 10:50:18 0 d-------- C:\Windows\pss
2008-03-24 18:39:16 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\userconfig9x.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32taack.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32taack.dat
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-24 18:39:15 0 d-------- C:\Windows\system32smp
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32regm64.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32regc64.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32psof1.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32ps1.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32netode.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32msgp.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32medup020.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32medup012.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\iTunesMusic.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\FVProtect.exe
2008-03-24 18:39:15 4096 --a------ C:\Windows\a.bat
2008-03-24 18:39:15 0 d-------- C:\Program Files\Inet Delivery
2008-03-24 18:39:14 4096 --a------ C:\Windows\winsystem.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32thun32.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32thun.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32emesx.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32bdn.com
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-24 18:39:14 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-24 18:39:14 4096 --a------ C:\Windows\mssecu.exe
2008-03-24 18:39:14 0 d-------- C:\Windows\mslagent
2008-03-24 18:39:14 4096 --a------ C:\Windows\bdn.com
2008-03-23 10:51:48 0 d-------- C:\Users\Admin\.freemind
2008-03-13 15:04:38 446464 -----n--- C:\Windows\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP for Microsoft HTML Help 9>
2008-03-13 14:12:33 155721 --a------ C:\Windows\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-03-13 14:12:33 401408 --a------ C:\Windows\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-03-13 14:12:33 204881 --a------ C:\Windows\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-03-13 14:12:30 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-03-13 14:12:30 73728 --a------ C:\Windows\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-03-13 14:12:30 32768 --a------ C:\Windows\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-03-13 14:12:30 114759 --a------ C:\Windows\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-03-13 14:10:42 0 d-------- C:\Program Files\SmartSound Software
2008-03-13 14:08:10 138752 --a------ C:\Windows\system32\mase32.dll
2008-03-13 14:08:10 57856 --a------ C:\Windows\system32\masd32.dll
2008-03-13 14:08:10 136192 --a------ C:\Windows\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-03-13 14:08:10 196096 --a------ C:\Windows\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-03-13 14:08:10 27648 --a------ C:\Windows\system32\ma32.dll
2008-03-13 14:07:36 14165 --a------ C:\Windows\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-03-13 14:06:01 41219 --a------ C:\Windows\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-03-13 14:03:59 49152 --a------ C:\Windows\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-03-13 14:00:11 0 d-------- C:\Program Files\Pinnacle
2008-03-06 15:06:49 0 d-------- C:\Programas

-- Find3M Report ---------------------------------------------------------------

2008-04-02 08:15:29 0 d-------- C:\Users\Admin\AppData\Roaming\OpenOffice.org2
2008-04-02 08:15:18 0 d-------- C:\Users\Admin\AppData\Roaming\Orbit
2008-04-02 08:08:21 35 --a------ C:\Users\Admin\AppData\Roaming\SetValue.bat
2008-04-02 08:08:21 691 --a------ C:\Users\Admin\AppData\Roaming\GetValue.vbs
2008-04-02 07:59:38 521184 --a------ C:\Windows\system32\prfh0816.dat
2008-04-02 07:59:38 86508 --a------ C:\Windows\system32\prfc0816.dat
2008-04-02 07:59:38 455632 --a------ C:\Windows\system32\perfh01F.dat
2008-04-02 07:59:38 463874 --a------ C:\Windows\system32\perfh01D.dat
2008-04-02 07:59:38 527046 --a------ C:\Windows\system32\perfh015.dat
2008-04-02 07:59:38 451034 --a------ C:\Windows\system32\perfh00B.dat
2008-04-02 07:59:38 571158 --a------ C:\Windows\system32\perfh008.dat
2008-04-02 07:59:38 465114 --a------ C:\Windows\system32\perfh005.dat
2008-04-02 07:59:38 81310 --a------ C:\Windows\system32\perfc01F.dat
2008-04-02 07:59:38 81394 --a------ C:\Windows\system32\perfc01D.dat
2008-04-02 07:59:38 86300 --a------ C:\Windows\system32\perfc015.dat
2008-04-02 07:59:38 83788 --a------ C:\Windows\system32\perfc00B.dat
2008-04-02 07:59:38 91612 --a------ C:\Windows\system32\perfc008.dat
2008-04-02 07:59:38 81312 --a------ C:\Windows\system32\perfc005.dat
2008-03-31 12:55:21 0 d-------- C:\Users\Admin\AppData\Roaming\Skype
2008-03-26 12:07:38 0 d-------- C:\Users\Admin\AppData\Roaming\Adobe
2008-03-24 19:01:20 0 d-------- C:\Program Files\Common Files
2008-03-24 17:32:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-24 17:26:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 15:14:41 0 d-------- C:\Program Files\DivX
2008-03-13 14:08:13 121 --a------ C:\AUTOEXEC.BAT
2008-03-13 04:13:50 0 d-------- C:\Program Files\Windows Mail
2008-02-26 10:12:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-21 14:27:52 0 d-------- C:\Program Files\OpenOffice.org 2.3

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21-08-2007 19:18]
"RtHDVCpl"="RtHDVCpl.exe" [08-04-2007 03:33 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10-03-2007 02:58]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [30-06-2007 02:08]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [30-06-2007 02:07]
"Persistence"="C:\Windows\system32\igfxpers.exe" [30-06-2007 02:07]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [12-06-2007 02:27]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [21-08-2007 22:54]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [14-02-2007 02:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [16-07-2007 22:04]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10-05-2007 23:46]
"@"="" []
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [18-12-2006 12:08]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [19-07-2006 15:51]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11-08-2005 17:30]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 18:38]
"PinnacleDriverCheck"="C:\Windows\system32\\PSDrvCheck.exe" [11-03-2004 01:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11-08-2005 17:30]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [18-09-2007 14:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 13:36]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01-03-2007 18:37]
"nbrsdzxm"="C:\Windows\system32\puxkjozi.exe" []

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Inicia‡Æo R pida do Microsoft Office OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [27-10-2006 04:24:54]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [14-11-2007 18:32:04]
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [31-01-2007 12:06:29]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-09-2005 23:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [23-05-2007 00:57:26]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [06-12-2007 14:37:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"x2i1Ydaj8M"=C:\ProgramData\xsxcfqdk\pgnelgbw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 25-07-2007 03:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-04-02 08:19:46 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Portuguese

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 2037.81 MiB / 1126.69 MiB
Pagefile Memory (total/avail): 4292.87 MiB / 3246.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.4 MiB

C: is Fixed (NTFS) - 138.37 GiB total, 82.74 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

\\.\PHYSICALDRIVE2 - SD1 Device

\\.\PHYSICALDRIVE0 - ST9160821AS ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 10.68 GiB
\PARTITION1 (bootable) - Installable File System - 138.37 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Admin\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAIO
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Admin
LOCALAPPDATA=C:\Users\Admin\AppData\Local
LOGONSERVER=\\VAIO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Admin\AppData\Local\Temp
TMP=C:\Users\Admin\AppData\Local\Temp
USERDOMAIN=VAIO
USERNAME=Admin
USERPROFILE=C:\Users\Admin
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Admin
Andreas

-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\InstallShield Installation Information\{AFBA0609-EB70-43CB-B11C-294EDADFA101}\setup.exe -runfromtemp -l0x0009 -removeonly
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{638BAD93-701B-482A-86C6-72DFF3E6FE51}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat 8.1.1 Standard --> msiexec /I {AC76BA86-1033-F400-BA7E-000000000003}
Adobe Digital Editions --> C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions2x0\digitaleditions2x0.exe -uninstall
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Magic-i Visual Effects Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}\Setup.exe" -l0x9
Assistente de Início de Sessão do Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Atlantis - Sky Patrol (remove only) --> C:\Big Fish Games\Atlantis - Sky Patrol\Uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0816 -removeonly
Big Fish Games Center --> C:\Big Fish Games\Uninstall.exe
Big Fish Games Sudoku (remove only) --> C:\Big Fish Games\sudoku\Uninstall.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BR --> MsiExec.exe /I{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}
Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -runfromtemp -l0x0816 Brunin03.dll -removeonly
Browser Address Error Redirector --> regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Click to DVD 2.0.05 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Free Natural Text to Speech Reader 2007 --> MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Instant Mode --> C:\Program Files\InstallShield Installation Information\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Mahjong Towers Eternity (remove only) --> C:\Big Fish Games\Mahjong Towers Eternity\Uninstall.exe
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Excel MUI (Swedish) 2007 --> MsiExec.exe /X{90120000-0016-041D-0000-0000000FF1CE}
Microsoft Office Excel MUI (Turkish) 2007 --> MsiExec.exe /X{90120000-0016-041F-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-00A1-0816-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Swedish) 2007 --> MsiExec.exe /X{90120000-00A1-041D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Turkish) 2007 --> MsiExec.exe /X{90120000-00A1-041F-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Swedish) 2007 --> MsiExec.exe /X{90120000-0018-041D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Turkish) 2007 --> MsiExec.exe /X{90120000-0018-041F-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007 --> MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proof (Turkish) 2007 --> MsiExec.exe /X{90120000-001F-041F-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007 --> MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Proofing (Swedish) 2007 --> MsiExec.exe /X{90120000-002C-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Turkish) 2007 --> MsiExec.exe /X{90120000-002C-041F-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007 --> MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Swedish) 2007 --> MsiExec.exe /X{90120000-006E-041D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Turkish) 2007 --> MsiExec.exe /X{90120000-006E-041F-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Swedish) 2007 --> MsiExec.exe /X{90120000-001B-041D-0000-0000000FF1CE}
Microsoft Office Word MUI (Turkish) 2007 --> MsiExec.exe /X{90120000-001B-041F-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x816 -removeonly
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Mystery Case Files - Prime Suspects (remove only) --> C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Save and Restore --> MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B201}
OpenMG Limited Patch 4.7-07-15-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org 2.3 --> MsiExec.exe /I{C743A09F-7FF8-4CDE-AF76-7957E30834A5}
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pinnacle TVCenter Pro --> "C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe"UNINSTALL /l0x0416 -removeonly
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -l0x9 -removeonly
Skype 3.2 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SonicStage Mastering Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Plugins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library --> C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x416 UNINSTALL
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VAIO Aqua Breeze Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly
VAIO Camera Capture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x9 -removeonly
VAIO Content Folder Setting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -l0x9 -removeonly
VAIO Content Importer / VAIO Content Exporter --> C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager --> C:\Program Files\InstallShield Installation Information\{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Manager Setting --> C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library --> C:\Program Files\InstallShield Installation Information\{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x9 -removeonly
VAIO Cozy Orange Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly
VAIO Data Restore Tool --> C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Entertainment Platform --> C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
VAIO Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -l0x9 -removeonly
VAIO Long Battery Life Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}\setup.exe" -l0x9 -removeonly
VAIO Media 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Content Collection 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Movie Story --> C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Movie Story Template Data --> C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO MusicBox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -l0x9 -removeonly
VAIO MusicBox Sample Music --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -l0x9 -removeonly
VAIO Original Function Setting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -l0x9 -removeonly
VAIO Original Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x9
VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x9 -removeonly
VAIO Tender Green Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly
VAIO Update 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9 -removeonly
VAIO Xblack Contents -->
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Verbix 7.3 --> "C:\Program Files\Verbix7\unins000.exe"
Virtual Villagers (remove only) --> C:\Big Fish Games\Virtual Villagers\Uninstall.exe
Windows Live installer --> MsiExec.exe /X{0C69F74B-DA6A-4C56-8017-988B7D63993A}
Windows Live Messenger --> MsiExec.exe /X{B98023FD-EC2A-404B-BFC3-49E7ECE4490E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for VAIO --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9 -removeonly

-- Application Event Log -------------------------------------------------------

Event Record #/Type9657 / Success
Event Submitted/Written: 04/02/2008 08:13:15 AM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type9654 / Error
Event Submitted/Written: 04/02/2008 08:13:14 AM
Event ID/Source: 7 / VzCdbSvc
Event Description:
Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Event Record #/Type9652 / Success
Event Submitted/Written: 04/02/2008 08:13:10 AM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type9649 / Success
Event Submitted/Written: 04/02/2008 08:13:09 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type9646 / Success
Event Submitted/Written: 04/02/2008 08:13:06 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
O serviço de Licenciamento de Software foi iniciado.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type44533 / Warning
Event Submitted/Written: 04/02/2008 08:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Protecção em Tempo Real %VAIO27 detectou alterações. A Microsoft recomenda a análise do software que efectuou estas alterações para a detecção de riscos potenciais. Pode utilizar as informações sobre a forma como estes programas funcionam para permitir a sua execução ou para os remover do computador. Só permita as alterações se o programa ou o fabricante do software for fidedigno. %VAIO27 não consegue anular as alterações permitidas.

Para mais informações, consulte o seguinte:
%VAIO275

ID de Análise: {380B8859-77BF-4CB2-9C13-721E1DAA358D}

Utilizador: VAIO\Admin

Nome: %VAIO271

ID: %VAIO272

ID de Gravidade: %VAIO273

ID de Categoria: %VAIO274

Caminho Localizado: %VAIO276

Tipo de Alerta: %VAIO278

Tipo de Detecção: 1.1.1505.02

Event Record #/Type44532 / Warning
Event Submitted/Written: 04/02/2008 08:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Protecção em Tempo Real %VAIO27 detectou alterações. A Microsoft recomenda a análise do software que efectuou estas alterações para a detecção de riscos potenciais. Pode utilizar as informações sobre a forma como estes programas funcionam para permitir a sua execução ou para os remover do computador. Só permita as alterações se o programa ou o fabricante do software for fidedigno. %VAIO27 não consegue anular as alterações permitidas.

Para mais informações, consulte o seguinte:
%VAIO275

ID de Análise: {8E1AC195-DC78-40AB-9421-D7AF9EE5678C}

Utilizador: VAIO\Admin

Nome: %VAIO271

ID: %VAIO272

ID de Gravidade: %VAIO273

ID de Categoria: %VAIO274

Caminho Localizado: %VAIO276

Tipo de Alerta: %VAIO278

Tipo de Detecção: 1.1.1505.02

Event Record #/Type44531 / Warning
Event Submitted/Written: 04/02/2008 08:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Protecção em Tempo Real %VAIO27 detectou alterações. A Microsoft recomenda a análise do software que efectuou estas alterações para a detecção de riscos potenciais. Pode utilizar as informações sobre a forma como estes programas funcionam para permitir a sua execução ou para os remover do computador. Só permita as alterações se o programa ou o fabricante do software for fidedigno. %VAIO27 não consegue anular as alterações permitidas.

Para mais informações, consulte o seguinte:
%VAIO275

ID de Análise: {A78E6485-A645-4459-9F0C-7620A00ED36B}

Utilizador: VAIO\Admin

Nome: %VAIO271

ID: %VAIO272

ID de Gravidade: %VAIO273

ID de Categoria: %VAIO274

Caminho Localizado: %VAIO276

Tipo de Alerta: %VAIO278

Tipo de Detecção: 1.1.1505.02

Event Record #/Type44530 / Warning
Event Submitted/Written: 04/02/2008 08:18:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Protecção em Tempo Real %VAIO27 detectou alterações. A Microsoft recomenda a análise do software que efectuou estas alterações para a detecção de riscos potenciais. Pode utilizar as informações sobre a forma como estes programas funcionam para permitir a sua execução ou para os remover do computador. Só permita as alterações se o programa ou o fabricante do software for fidedigno. %VAIO27 não consegue anular as alterações permitidas.

Para mais informações, consulte o seguinte:
%VAIO275

ID de Análise: {427D3156-F24E-41B4-AFCF-A2C2454EC70B}

Utilizador: VAIO\Admin

Nome: %VAIO271

ID: %VAIO272

ID de Gravidade: %VAIO273

ID de Categoria: %VAIO274

Caminho Localizado: %VAIO276

Tipo de Alerta: %VAIO278

Tipo de Detecção: 1.1.1505.02

Event Record #/Type44529 / Warning
Event Submitted/Written: 04/02/2008 08:18:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Protecção em Tempo Real %VAIO27 detectou alterações. A Microsoft recomenda a análise do software que efectuou estas alterações para a detecção de riscos potenciais. Pode utilizar as informações sobre a forma como estes programas funcionam para permitir a sua execução ou para os remover do computador. Só permita as alterações se o programa ou o fabricante do software for fidedigno. %VAIO27 não consegue anular as alterações permitidas.

Para mais informações, consulte o seguinte:
%VAIO275

ID de Análise: {4300282E-4545-4919-B153-4CABAD137237}

Utilizador: VAIO\Admin

Nome: %VAIO271

ID: %VAIO272

ID de Gravidade: %VAIO273

ID de Categoria: %VAIO274

Caminho Localizado: %VAIO276

Tipo de Alerta: %VAIO278

Tipo de Detecção: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2008-04-02 08:19:46 ------------

#4 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 02 April 2008 - 03:58 PM

Hello

You have two firewalls, so you need to disable Windows firewall

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [nbrsdzxm] C:\Windows\system32\puxkjozi.exe
O4 - HKLM\..\Policies\Explorer\Run: [x2i1Ydaj8M] C:\ProgramData\xsxcfqdk\pgnelgbw.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\ProgramData\xsxcfqdk\pgnelgbw.exe
C:\Windows\system32winlogonpc.exe
C:\Windows\userconfig9x.dll
C:\Windows\system32temp#01.exe
C:\Windows\system32taack.exe
C:\Windows\system32taack.dat
C:\Windows\system32ssvchost.exe
C:\Windows\system32ssvchost.com
C:\Windows\system32ssurf022.dll
C:\Windows\system32sncntr.exe
C:\Windows\system32smp
C:\Windows\system32regm64.dll
C:\Windows\system32regc64.dll
C:\Windows\system32psoft1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32ps1.exe
C:\Windows\system32netode.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32msgp.exe
C:\Windows\system32medup020.dll
C:\Windows\system32medup012.dll
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hoproxy.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32dpcproxy.exe
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\iTunesMusic.exe
C:\Windows\FVProtect.exe
C:\Windows\a.bat
C:\Program Files\Inet Delivery
C:\Windows\winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\system32winsystem.exe
C:\Windows\system32vcatchpi.dll
C:\Windows\system32vbsys2.dll
C:\Windows\system32thun32.dll
C:\Windows\system32thun.dll
C:\Windows\system32sysreq.exe
C:\Windows\system32Rundl1.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32mssecu.exe
C:\Windows\system32emesx.dll
C:\Windows\system32bdn.com
C:\Windows\system32awtoolb.dll
C:\Windows\system32anticipator.dll
C:\Windows\system32akttzn.exe
C:\Windows\mssecu.exe
C:\Windows\mslagent
C:\Windows\bdn.com
G:\Autorun
C:\Windows\system32\puxkjozi.exe
C:\ProgramData\xsxcfqdk

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

Edited by Rorschach112, 02 April 2008 - 03:59 PM.

#5 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 06 April 2008 - 06:46 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

Body Background

skin color theme