This is my Deckard's System Scanner log:
main.txt:
Deckard's System Scanner v20071014.68
Run by Cummins on 2008-02-27 13:29:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-02-27 07:59:57 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-02-26 07:15:47 UTC - RP6 - System Checkpoint
5: 2008-02-25 05:46:17 UTC - RP5 - Installed AVG 7.5
4: 2008-02-25 05:43:47 UTC - RP4 - Installed AVG 7.5
3: 2008-02-25 05:40:32 UTC - RP3 - Removed AVG 7.5
-- First Restore Point --
1: 2008-02-22 10:19:34 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 13:30:51
Platform: Windows XP Service Pack 2, v.2096 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2096)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SoundMan.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\comp backup\UltraSurf v8.8.exe
C:\Documents and Settings\Cummins\Desktop\Downloads\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
F0 - system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Global Startup: WordWeb.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{68B26C19-F436-4C24-AFC8-548FBC384F63}: NameServer = 202.138.96.2,202.138.103.100
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Cummins\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=
--
End of file - 7316 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 hpdj - c:\docume~1\cummins\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-27 10:45:38 354 --a------ C:\WINDOWS\Tasks\At1.job
-- Files created between 2008-01-27 and 2008-02-27 -----------------------------
2008-02-27 10:58:27 0 d-------- C:\Documents and Settings\Cummins\Application Data\Malwarebytes
2008-02-27 10:57:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-27 10:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-27 08:19:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-26 15:06:13 0 dr-h----- C:\$VAULT$.AVG
2008-02-26 12:19:54 0 d--hs---- C:\FOUND.000
2008-02-25 16:24:36 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-02-25 16:11:18 0 d-------- C:\Program Files\Trend Micro
2008-02-25 16:06:07 0 d-------- C:\Documents and Settings\Cummins\Application Data\Grisoft
2008-02-25 13:28:39 0 d-------- C:\bintheredunthat
2008-02-25 13:23:55 0 d-------- C:\BFU
2008-02-25 12:45:29 0 d-------- C:\WINDOWS\pss
2008-02-25 11:16:39 0 d-------- C:\Documents and Settings\Cummins\Application Data\AVG7
2008-02-25 11:16:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-25 11:16:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 11:13:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-22 15:48:04 0 d-------- C:\WINDOWS\Prefetch
2008-02-22 15:43:33 0 d-------- C:\Program Files\msn gaming zone
2008-02-22 15:09:17 0 d-------- C:\Program Files\Lavasoft
2008-02-22 15:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 15:08:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:44:45 0 dr-h----- C:\Documents and Settings\Cummins\Recent
2008-02-22 13:43:41 0 d-------- C:\Program Files\CCleaner
2008-02-22 13:26:10 0 d-------- C:\Program Files\Windows Resource Kits
2008-02-22 13:20:00 0 d-------- C:\Program Files\Opera
2008-02-22 12:16:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-22 12:16:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-02-22 10:34:12 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-22 10:34:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-22 10:34:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-22 10:34:07 0 d-------- C:\WINDOWS\%DownloadedProgramFiles%
2008-02-22 10:09:07 0 d-a------ C:\WINDOWS\system32
2008-02-22 10:09:07 20480 --a------ C:\WINDOWS\system32\normaliz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-22 09:46:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-22 09:46:27 524288 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-22 09:46:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-22 09:46:27 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-22 09:46:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-22 09:46:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-22 09:46:14 0 d-------- C:\WINDOWS\CSC
2008-02-18 16:15:19 0 d-------- C:\Documents and Settings\Cummins\.SunDownloadManager
-- Find3M Report ---------------------------------------------------------------
2008-02-22 15:40:58 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-25 09:14:46 0 d-------- C:\Program Files\FLV Player
2008-01-14 13:53:22 0 d-------- C:\Program Files\WordWeb
2008-01-14 13:51:44 0 d-------- C:\Program Files\Dictionary
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2008-02-27 13:31:33 ------------
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 502.73 MiB / 148.04 MiB
Pagefile Memory (total/avail): 1229.81 MiB / 782.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.96 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 14.63 GiB total, 9.46 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 9.76 GiB total, 5.5 GiB free.
F: is Fixed (FAT32) - 9.76 GiB total, 5.27 GiB free.
G: is Fixed (FAT32) - 9.76 GiB total, 1.57 GiB free.
H: is Fixed (FAT32) - 9.76 GiB total, 7.74 GiB free.
I: is Fixed (FAT32) - 17.7 GiB total, 1.57 GiB free.
J: is Fixed (FAT32) - 19.52 GiB total, 1.3 GiB free.
M: is Fixed (Ext2) - 9.77 GiB total, 5.37 GiB free.
O: is Fixed (Ext2) - 10.04 GiB total, 1.56 GiB free.
\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 8 partitions
\PARTITION0 (bootable) - Unknown - 14.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 59.87 GiB - E: - F: - G: - H: - M: - O:
\\.\PHYSICALDRIVE1 - ST940211 3A USB Device - 37.26 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 37.24 GiB - I: - J:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
-- User Profiles ---------------------------------------------------------------
Cummins (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
-- Application Event Log -------------------------------------------------------
Event Record #/Type667 / Error
Event Submitted/Written: 02/27/2008 10:48:54 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ultrasurf v8.8.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.2096, fault address 0x00012b0a.
Processing media-specific event for [ultrasurf v8.8.exe!ws!]
Event Record #/Type664 / Success
Event Submitted/Written: 02/27/2008 10:45:41 AM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.
Event Record #/Type661 / Error
Event Submitted/Written: 02/27/2008 10:45:15 AM
Event ID/Source: 1000 / Windows Product Activation
Event Description:
An error occurred while the wizard was checking the current Windows product license. Error Code: 4 0x80070005
Event Record #/Type657 / Success
Event Submitted/Written: 02/27/2008 08:15:33 AM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.
Event Record #/Type648 / Success
Event Submitted/Written: 02/26/2008 00:20:30 PM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type398 / Warning
Event Submitted/Written: 02/27/2008 00:28:47 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\IT_HOD on the network \Device\NetBT_Tcpip_{68B26C19-F436-4C24-AFC8-548FBC384F63}.
The data is the error code.
Event Record #/Type386 / Error
Event Submitted/Written: 02/27/2008 10:45:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The hpdj service failed to start due to the following error:
%%2
Event Record #/Type380 / Error
Event Submitted/Written: 02/27/2008 10:44:13 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type379 / Error
Event Submitted/Written: 02/27/2008 10:44:12 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type378 / Error
Event Submitted/Written: 02/27/2008 10:44:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
-- End of Deckard's System Scanner: finished at 2008-02-27 13:31:33 ------------