main
Deckard's System Scanner v20070411.38
Run by Alex on 2007-04-13 at 19:48:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
51: 2007-04-13 18:48:54 UTC - RP90 - Deckard's System Scanner Restore Point
50: 2007-04-12 23:21:16 UTC - RP89 - Removed Java 2 Runtime Environment, SE v1.4.2_01
49: 2007-04-12 23:17:46 UTC - RP88 - Software Distribution Service 2.0
48: 2007-04-12 23:12:32 UTC - RP87 - Installed Java(TM) SE Runtime Environment 6 Update 1
47: 2007-04-12 13:34:19 UTC - RP86 - Software Distribution Service 2.0
-- First Restore Point --
1: 2007-02-10 23:10:28 UTC - RP40 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Alex.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:54:49, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Documents and Settings\Alex\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {DF189E0D-34CD-4CF3-A454-ED39A5D669D8} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {F4B3C97C-C410-4E3F-88C5-DC137324EC3C} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [RECOVMSG] C:\Program Files\Sony\VAIO Application Recovery Utility\bin\RecovMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FF7C5F-25C6-4168-8AFF-F8A992C985D5}: NameServer = 194.168.4.100,192.168.123.254
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 tmcomm - c:\windows\system32\drivers\tmcomm.sys
R3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWSIS - c:\windows\system32\drivers\hsfhwsis.sys
R3 LEX_AS_NIC_SERVICE_YNOS (LAN-Express AS IEEE 802.11g Wireless Network Adapter Service) - c:\windows\system32\drivers\expasag.sys
R3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - c:\windows\system32\drivers\sisnic.sys
R3 SNC (Sony Notebook Control Device) - c:\windows\system32\drivers\sonync.sys
R3 SPI (Sony Programmable I/O Control Device) - c:\windows\system32\drivers\sonypi.sys
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Scheduled Tasks -------------------------------------------------------------
2007-04-13 00:27:41 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-01-04 14:20:49 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-03-13 and 2007-04-13 -----------------------------
2007-04-12 21:49:05 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-12 17:45:59 280676 ---hs---- C:\WINDOWS\system32\pmnnl.dll
2007-04-12 17:26:26 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-12 17:24:50 0 d-------- C:\hjt
2007-04-12 14:03:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-12 10:35:30 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-04-12 10:31:21 0 d-------- C:\Documents and Settings\Alex\Application Data\URSoft
2007-04-12 10:30:38 0 d-------- C:\Program Files\Your Uninstaller 2006<YOURUN~1>
2007-04-11 22:11:16 26694 --a------ C:\WINDOWS\system32\opnnool.dll
2007-04-11 21:21:36 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-11 21:16:38 0 d-------- C:\Documents and Settings\Alex\.housecall6.6<HOUSEC~1.6>
2007-04-11 21:05:07 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-11 20:46:26 26694 --a------ C:\WINDOWS\system32\vtuvspn.dll
2007-04-11 20:42:47 0 d-------- C:\WINDOWS\pss
2007-04-11 20:05:44 50048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-11 20:02:19 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-11 20:02:19 0 d-------- C:\Documents and Settings\Alex\Application Data\PC Tools<PCTOOL~1>
2007-04-11 19:38:41 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-11 19:38:14 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-04-11 19:36:25 0 d-------- C:\Program Files\Enigma Software Group<ENIGMA~1>
2007-04-11 19:12:59 0 d-------- C:\Program Files\XoftSpy
2007-04-11 19:12:01 0 d-------- C:\Documents and Settings\Alex\Application Data\Lavasoft
2007-04-11 19:11:49 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:01:32 0 d-------- C:\Documents and Settings\Alex\Application Data\WinRAR
2007-04-11 18:16:31 0 d-------- C:\Program Files\Common Files\{3489679F-0AF5-1033-1107-03071503002c}<{34896~3>
2007-04-11 18:16:28 0 d-------- C:\Program Files\Common Files\{D489679F-0AF5-1033-1107-03071503002c}<{D4896~3>
2007-04-11 18:16:24 26694 --a------ C:\WINDOWS\system32\jkkhfgd.dll
2007-04-11 17:24:52 280676 ---hs---- C:\WINDOWS\system32\ssqpp.dll
2007-04-11 17:24:52 280676 ---hs---- C:\WINDOWS\system32\awvts.dll
2007-04-11 17:19:30 0 d-------- C:\Program Files\Common Files\{D489679F-0AF6-1033-1107-03071503002c}<{D4896~2>
2007-04-11 17:19:30 0 d-------- C:\Program Files\Common Files\{3489679F-0AF6-1033-1107-03071503002c}<{34896~2>
2007-04-11 17:19:25 26694 --a------ C:\WINDOWS\system32\khfddec.dll
2007-04-11 16:18:49 0 d-------- C:\Program Files\Common Files\{3489679F-0643-1033-1107-03071503002c}<{34896~1>
2007-04-11 16:18:47 26694 --a------ C:\WINDOWS\system32\hgghefd.dll
2007-04-11 16:18:37 189952 --a------ C:\Documents and Settings\Alex\us.exe
2007-04-11 16:18:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-09 22:11:52 1763 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache<QTSBAN~1>
2007-04-02 15:46:32 0 d--h----- C:\BJPrinter<BJPRIN~1>
2007-03-25 23:03:43 0 d-------- C:\Documents and Settings\Alex\Application Data\InterVideo<INTERV~1>
2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-03-14 23:53:19 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-14 23:53:15 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-14 23:53:10 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
-- Find3M Report ---------------------------------------------------------------
2007-04-13 12:34:45 0 d---s---- C:\Documents and Settings\Alex\Application Data\Microsoft<MICROS~1>
2007-04-13 00:15:43 0 d-------- C:\Program Files\Java
2007-04-12 10:38:20 0 d-------- C:\Program Files\Yahoo!
2007-04-12 10:37:43 0 d-------- C:\Program Files\Windows Live Toolbar<WI81E8~1>
2007-04-12 10:35:23 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-09 22:11:59 0 d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer<APPLEC~1>
2007-03-17 14:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 21:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\C-Major Audio\\stacmon.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"RECOVMSG"="C:\\Program Files\\Sony\\VAIO Application Recovery Utility\\bin\\RecovMsg.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"
"Registering ActiveScan controles"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{9796007A-181E-4C97-99EB-7F71B8989A7B}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{D489679F-0AF5-1033-1107-03071503002c}"="\"C:\\Program Files\\Common Files\\{D489679F-0AF5-1033-1107-03071503002c}\\Update.exe\" mc-110-12-0000904"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{D489679F-0AF5-1033-1107-03071503002c}"="\"C:\\Program Files\\Common Files\\{D489679F-0AF5-1033-1107-03071503002c}\\Update.exe\" mc-110-12-0000904"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a2ab69e-b164-11db-8a1d-080046d2f9a4}]
Shell\Auto\command Cn911.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
-- End of Deckard's System Scanner: finished at 2007-04-13 at 19:55:17 ---------
Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 509.48 MiB / 235.37 MiB
Pagefile Memory (total/avail): 1247.98 MiB / 673.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1983.58 MiB
C: is Fixed (NTFS) - 27.95 GiB total, 4.18 GiB free.
D: is Fixed (NTFS) - 27.94 GiB total, 27.64 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT32)
G: is Removable (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: avast! antivirus 4.7.942 [VPS 000733-1] v4.7.942 (ALWIL Software)
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alex\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alex
LOGONSERVER=\\VAIO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alex\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alex\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VAIO
USERNAME=Alex
USERPROFILE=C:\Documents and Settings\Alex
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Alex
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69A0D256-A72C-4C33-9413-E1C0174CA7F4}\Setup.exe" -l0x9
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsz.inf
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\Setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_814E104D\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_814E104D
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 3.5 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Sunbelt CounterSpy --> MsiExec.exe /I{0AD5AD99-6172-4385-8765-385FBE3A1013}
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\Setup.exe" -l0x9
VAIO Clock Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\Setup.exe" -l0x9
VAIO DeepSea Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\Setup.exe" -l0x9
VAIO Nature Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F4BB224-F0EB-433C-BF93-62AAB092D414}\Setup.exe" -l0x9
VAIO Online Registration (English) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l2057
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpy --> C:\Program Files\XoftSpy\uninstall.exe
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- End of Deckard's System Scanner: finished at 2007-04-13 at 19:55:17 ---------