Lately, my system has been encountering random restarts, and I think it is due to infections. Here are the KAV and DSS logs.
The DSS Log:
Deckard's System Scanner v20071014.68
Run by Samuel Ferry on 2008-07-02 17:18:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
26: 2008-07-02 22:18:22 UTC - RP26 - Deckard's System Scanner Restore Point
25: 2008-07-02 08:00:22 UTC - RP25 - Software Distribution Service 3.0
24: 2008-07-02 00:40:32 UTC - RP24 - Installed Java Runtime Environment
23: 2008-07-02 00:39:12 UTC - RP23 - Installed Java(TM) 6 Update 6
22: 2008-07-01 20:09:01 UTC - RP22 - Installed SnagIt 8
-- First Restore Point --
1: 2008-06-27 08:11:42 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-02 17:20:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\NeoStats\neostats.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Anope\anope.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Unreal3.2\wircd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\xampp\xampp-control.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Prime95\Prime95.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\twhirl\twhirl.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Samuel Ferry\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - Startup: Anope IRC Services.lnk = C:\Program Files\Anope\anope.exe
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Startup: UnrealIRCd.lnk = C:\Program Files\Unreal3.2\wircd.exe
O4 - Startup: XAMPP Control Panel.lnk = C:\xampp\xampp-control.exe
O4 - Global Startup: NeoStats IRC Services.lnk = C:\Program Files\NeoStats\neostats.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EAFC92FB-E051-4296-8BBB-B8881446D55E}: NameServer = 192.168.1.1
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla server.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
--
End of file - 6975 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apache2.2 - "c:\xampp\apache\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server>
R2 mysql - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCTV 800e
Device ID: USB\VID_2304&PID_0227\070201012231
Manufacturer:
Name: PCTV 800e
PNP Device ID: USB\VID_2304&PID_0227\070201012231
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_1002&DEV_437B&SUBSYS_D6018086&REV_01\3&B1BFB68&1&A2
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_1002&DEV_437B&SUBSYS_D6018086&REV_01\3&B1BFB68&1&A2
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-07-01 04:21:48 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-02 and 2008-07-02 -----------------------------
2008-07-02 16:33:16 0 d-------- C:\WINDOWS\Sun
2008-07-02 16:33:15 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Sun
2008-07-02 16:09:41 0 d-------- C:\Program Files\Prime95
2008-07-02 15:53:37 0 d-------- C:\Program Files\SpeedFan
2008-07-02 00:26:38 0 d-------- C:\Program Files\FileZilla Server
2008-07-01 19:39:55 0 d-------- C:\Program Files\Java
2008-07-01 19:39:20 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 19:37:45 0 d-------- C:\Program Files\Winamp
2008-07-01 15:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-01 15:09:03 0 d-------- C:\Program Files\TechSmith
2008-07-01 05:23:01 0 d-------- C:\N++RECOV
2008-07-01 04:23:53 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Apple Computer
2008-07-01 04:23:33 0 d-------- C:\Program Files\iPod
2008-07-01 04:23:25 0 d-------- C:\Program Files\iTunes
2008-07-01 04:23:09 0 d-------- C:\Program Files\Bonjour
2008-07-01 04:22:12 0 d-------- C:\Program Files\QuickTime
2008-07-01 04:22:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-01 04:21:42 0 d-------- C:\Program Files\Apple Software Update
2008-07-01 04:21:11 0 d-------- C:\Program Files\Common Files\Apple
2008-07-01 04:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-30 00:07:22 0 d-------- C:\Program Files\Notepad++
2008-06-30 00:07:22 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Notepad++
2008-06-29 23:15:52 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\TeamViewer
2008-06-29 23:15:37 0 d-------- C:\Documents and Settings\Samuel Ferry\temp
2008-06-29 23:09:39 0 d-------- C:\Program Files\VentSrv
2008-06-29 23:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 03:29:28 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\vlc
2008-06-29 01:56:27 0 d-------- C:\Program Files\VideoLAN
2008-06-29 01:47:33 0 d-------- C:\Program Files\7-Zip
2008-06-28 22:09:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-28 22:06:38 53248 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-06-28 22:04:59 0 d-------- C:\WINDOWS\system32\Data
2008-06-28 22:03:10 0 d-------- C:\Program Files\Creative
2008-06-28 21:54:36 0 d-------- C:\Program Files\Alwil Software
2008-06-28 21:46:51 0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-28 21:45:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-28 21:12:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-28 21:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-28 20:19:57 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2008-06-28 19:58:50 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Thunderbird
2008-06-28 19:58:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-28 19:56:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-28 19:56:48 0 d-------- C:\Program Files\twhirl
2008-06-28 19:56:43 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-28 03:39:40 0 d-------- C:\WINDOWS\pss
2008-06-28 01:53:13 0 d-------- C:\Program Files\RealVNC
2008-06-27 21:40:51 0 d-------- C:\Documents and Settings\Samuel Ferry\.VirtualBox
2008-06-27 21:17:26 0 d-------- C:\Program Files\uTorrent
2008-06-27 21:17:23 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\uTorrent
2008-06-27 21:12:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-27 21:12:35 0 d-------- C:\Program Files\Sun
2008-06-27 19:30:08 0 d-------- C:\Program Files\IrfanView
2008-06-27 19:09:32 0 d-------- C:\Program Files\NeoStats
2008-06-27 19:05:40 0 d-------- C:\Perl
2008-06-27 19:03:31 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 12:18:13 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-27 12:07:14 0 d-------- C:\Program Files\Microsoft.NET
2008-06-27 12:07:13 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-27 12:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 12:06:36 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-27 12:05:14 0 d-------- C:\Program Files\MSBuild
2008-06-27 12:05:08 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-27 12:05:01 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 12:00:51 0 d-------- C:\Program Files\MSXML 6.0
2008-06-27 10:06:14 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\IceChat
2008-06-27 10:05:57 143360 --a------ C:\WINDOWS\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-06-27 10:05:56 0 d-------- C:\Program Files\IceChat7
2008-06-27 03:26:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 03:26:34 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Mozilla
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Macromedia
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Adobe
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\ATI
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-27 03:22:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-27 03:19:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified;; ATI Smart>
2008-06-27 03:19:21 0 d-------- C:\Program Files\ATI Technologies
2008-06-27 03:19:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:19:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-27 03:18:50 0 d-------- C:\ATI
2008-06-27 03:12:00 0 d-------- C:\SYSPREP
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\WINDOWS
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Templates
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Start Menu
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\SendTo
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Recent
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\PrintHood
2008-06-27 03:11:55 2359296 --ah----- C:\Documents and Settings\Samuel Ferry\NTUSER.DAT
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\NetHood
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\My Documents
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Local Settings
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Favorites
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Desktop
2008-06-27 03:11:55 0 d---s---- C:\Documents and Settings\Samuel Ferry\Cookies
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Application Data
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Identities
2008-06-27 03:10:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-27 03:04:57 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-27 03:04:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-27 03:04:54 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-27 03:04:53 2 -r-hs---- C:\USER
2008-06-27 03:04:53 2 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-27 03:00:48 0 d--hs---- C:\System Volume Information
2008-06-27 03:00:29 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-27 02:59:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-27 02:53:09 0 d-------- C:\OpenSSL
2008-06-27 02:46:03 0 d-------- C:\WINDOWS\SMINST
2008-06-27 02:45:56 0 d-------- C:\WINDOWS\I386
2008-06-27 02:45:37 0 d-------- C:\Program Files\mIRC
2008-06-27 02:38:26 13632 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-27 02:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-27 02:08:55 0 d-------- C:\Program Files\Anope
2008-06-27 01:59:07 0 d-------- C:\Program Files\Unreal3.2
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-06-27 01:42:27 823296 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-27 01:41:15 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\mIRC
2008-06-27 01:30:47 0 d-------- C:\xampp
-- Find3M Report ---------------------------------------------------------------
2008-07-01 19:39:20 0 d-------- C:\Program Files\Common Files
2008-06-27 02:59:23 0 d-------- C:\Program Files\Windows NT
2008-06-27 02:59:20 0 d-------- C:\Program Files\Movie Maker
2008-06-27 02:59:19 0 d-------- C:\Program Files\Messenger
2008-06-27 02:45:20 0 d-------- C:\Program Files\Online Services
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 10:56 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [05/03/2005 06:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [12/25/2007 04:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [10/15/2007 03:19 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [11/17/2006 04:42 AM]
C:\Documents and Settings\Samuel Ferry\Start Menu\Programs\Startup\
Anope IRC Services.lnk - C:\Program Files\Anope\anope.exe [1/11/2008 3:52:02 AM]
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe [6/28/2008 1:53:13 AM]
UnrealIRCd.lnk - C:\Program Files\Unreal3.2\wircd.exe [6/27/2008 1:59:07 AM]
XAMPP Control Panel.lnk - C:\xampp\xampp-control.exe [12/20/2007 9:01:02 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NeoStats IRC Services.lnk - C:\Program Files\NeoStats\neostats.exe [6/27/2008 7:03:29 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2/16/2007 6:40:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
*Newly Created Service* - GIVEIO
*Newly Created Service* - SPEEDFAN
-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------
2008-06-28 19:56:43 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-28 03:39:40 0 d-------- C:\WINDOWS\pss
2008-06-28 01:53:13 0 d-------- C:\Program Files\RealVNC
2008-06-27 21:40:51 0 d-------- C:\Documents and Settings\Samuel Ferry\.VirtualBox
2008-06-27 21:17:26 0 d-------- C:\Program Files\uTorrent
2008-06-27 21:17:23 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\uTorrent
2008-06-27 21:12:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-27 21:12:35 0 d-------- C:\Program Files\Sun
2008-06-27 19:30:08 0 d-------- C:\Program Files\IrfanView
2008-06-27 19:09:32 0 d-------- C:\Program Files\NeoStats
2008-06-27 19:05:40 0 d-------- C:\Perl
2008-06-27 19:03:31 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 12:18:13 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-27 12:07:14 0 d-------- C:\Program Files\Microsoft.NET
2008-06-27 12:07:13 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-27 12:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 12:06:36 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-27 12:05:14 0 d-------- C:\Program Files\MSBuild
2008-06-27 12:05:08 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-27 12:05:01 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 12:00:51 0 d-------- C:\Program Files\MSXML 6.0
2008-06-27 10:06:14 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\IceChat
2008-06-27 10:05:57 143360 --a------ C:\WINDOWS\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-06-27 10:05:56 0 d-------- C:\Program Files\IceChat7
2008-06-27 03:26:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 03:26:34 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Mozilla
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Macromedia
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Adobe
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\ATI
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-27 03:22:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-27 03:19:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified;; ATI Smart>
2008-06-27 03:19:21 0 d-------- C:\Program Files\ATI Technologies
2008-06-27 03:19:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:19:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-27 03:18:50 0 d-------- C:\ATI
2008-06-27 03:12:00 0 d-------- C:\SYSPREP
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\WINDOWS
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Templates
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Start Menu
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\SendTo
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Recent
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\PrintHood
2008-06-27 03:11:55 2359296 --ah----- C:\Documents and Settings\Samuel Ferry\NTUSER.DAT
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\NetHood
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\My Documents
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Local Settings
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Favorites
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Desktop
2008-06-27 03:11:55 0 d---s---- C:\Documents and Settings\Samuel Ferry\Cookies
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Application Data
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Identities
2008-06-27 03:10:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-27 03:04:57 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-27 03:04:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-27 03:04:54 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-27 03:04:53 2 -r-hs---- C:\USER
2008-06-27 03:04:53 2 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-27 03:00:48 0 d--hs---- C:\System Volume Information
2008-06-27 03:00:29 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-27 02:59:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-27 02:53:09 0 d-------- C:\OpenSSL
2008-06-27 02:46:03 0 d-------- C:\WINDOWS\SMINST
2008-06-27 02:45:56 0 d-------- C:\WINDOWS\I386
2008-06-27 02:45:37 0 d-------- C:\Program Files\mIRC
2008-06-27 02:38:26 13632 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-27 02:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-27 02:08:55 0 d-------- C:\Program Files\Anope
2008-06-27 01:59:07 0 d-------- C:\Program Files\Unreal3.2
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-06-27 01:42:27 823296 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-27 01:41:15 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\mIRC
2008-06-27 01:30:47 0 d-------- C:\xampp
-- Find3M Report ---------------------------------------------------------------
2008-07-01 19:39:20 0 d-------- C:\Program Files\Common Files
2008-06-27 02:59:23 0 d-------- C:\Program Files\Windows NT
2008-06-27 02:59:20 0 d-------- C:\Program Files\Movie Maker
2008-06-27 02:59:19 0 d-------- C:\Program Files\Messenger
2008-06-27 02:45:20 0 d-------- C:\Program Files\Online Services
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 10:56 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [05/03/2005 06:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [12/25/2007 04:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [10/15/2007 03:19 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [11/17/2006 04:42 AM]
C:\Documents and Settings\Samuel Ferry\Start Menu\Programs\Startup\
Anope IRC Services.lnk - C:\Program Files\Anope\anope.exe [1/11/2008 3:52:02 AM]
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe [6/28/2008 1:53:13 AM]
UnrealIRCd.lnk - C:\Program Files\Unreal3.2\wircd.exe [6/27/2008 1:59:07 AM]
XAMPP Control Panel.lnk - C:\xampp\xampp-control.exe [12/20/2007 9:01:02 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NeoStats IRC Services.lnk - C:\Program Files\NeoStats\neostats.exe [6/27/2008 7:03:29 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2/16/2007 6:40:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
*Newly Created Service* - GIVEIO
*Newly Created Service* - SPEEDFAN
-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------
The extra.txt File:
CODE
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 893.5 MiB / 426.6 MiB
Pagefile Memory (total/avail): 3420.53 MiB / 2652.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.6 MiB
C: is Fixed (NTFS) - 143.75 GiB total, 125.06 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600BB-22RDA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 143.75 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.8.1201 [VPS 080702-0] v4.8.1201 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Unreal3.2\\wircd.exe"="C:\\Program Files\\Unreal3.2\\wircd.exe:*:Enabled:wircd"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\DU Meter\\DUMeter.exe"="C:\\Program Files\\DU Meter\\DUMeter.exe:*:Enabled:DUMeter"
"C:\\Program Files\\DU Meter\\DUMeterSvc.exe"="C:\\Program Files\\DU Meter\\DUMeterSvc.exe:*:Enabled:DUMeterSvc"
"C:\\Program Files\\IceChat7\\IceChat7.exe"="C:\\Program Files\\IceChat7\\IceChat7.exe:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Samuel Ferry\\Desktop\\hfs.exe"="C:\\Documents and Settings\\Samuel Ferry\\Desktop\\hfs.exe:*:Enabled:hfs"
"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"="C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Samuel Ferry\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAM-E851BB91AC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Samuel Ferry
LOGONSERVER=\\SAM-E851BB91AC
NUMBER_OF_PROCESSORS=2
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
USERDOMAIN=SAM-E851BB91AC
USERNAME=Samuel Ferry
USERPROFILE=C:\Documents and Settings\Samuel Ferry
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Samuel Ferry [I](admin)[/I]
Administrator [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AMIP for iTunes (remove only) --> "C:\Program Files\iTunes\Plug-ins\amip_uninstall.exe"
AMIPConfigurator (remove only) --> "C:\Program Files\iTunes\Plug-ins\un_configurator.exe"
Anope IRC Services 1.7.21 --> C:\Program Files\Anope\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
FileZilla Client 3.0.11 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
IceChat 7.0 (Build 20060924) --> "C:\Program Files\IceChat7\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSDN Library for Microsoft Visual Studio 2008 Express Editions --> C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeoStats IRC Services --> "C:\Program Files\NeoStats\un_NeoStats-Setup_20300.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenSSL 0.9.7m --> "C:\OpenSSL\unins000.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Step By Step Interactive Training (KB898458) -->
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Sun xVM VirtualBox --> MsiExec.exe /I{E2EA0C33-43B3-48A4-87CA-2BDA2F8ABF68}
twhirl --> msiexec /qb /x {E8964839-3135-A4A6-A23B-0B9D65108D4E}
twhirl --> MsiExec.exe /I{E8964839-3135-A4A6-A23B-0B9D65108D4E}
UnrealIRCd3.2.7 --> "C:\Program Files\Unreal3.2\unins000.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
XAMPP 1.6.6a --> "c:\xampp\uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type210 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type209 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type208 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type200 / Error
Event Submitted/Written: 07/01/2008 08:31:07 AM
Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting
Event Description:
EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31.
Event Record #/Type199 / Error
Event Submitted/Written: 07/01/2008 08:31:02 AM
Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting
Event Description:
EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type794 / Warning
Event Submitted/Written: 07/02/2008 04:47:08 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type748 / Error
Event Submitted/Written: 07/01/2008 03:54:27 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).
Event Record #/Type744 / Warning
Event Submitted/Written: 07/01/2008 03:09:47 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver SnagIt 8 Printer for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, SNAGITP8.GPD, UNIDRV.HLP, SNAGITD8.DLL, STDNAMES.GPD, UNIRES.DLL, SNAGITP8.INI.
Event Record #/Type741 / Warning
Event Submitted/Written: 07/01/2008 02:58:31 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type728 / Error
Event Submitted/Written: 07/01/2008 01:20:15 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).
-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
USERDOMAIN=SAM-E851BB91AC
USERNAME=Samuel Ferry
USERPROFILE=C:\Documents and Settings\Samuel Ferry
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Samuel Ferry [I](admin)[/I]
Administrator [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AMIP for iTunes (remove only) --> "C:\Program Files\iTunes\Plug-ins\amip_uninstall.exe"
AMIPConfigurator (remove only) --> "C:\Program Files\iTunes\Plug-ins\un_configurator.exe"
Anope IRC Services 1.7.21 --> C:\Program Files\Anope\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
FileZilla Client 3.0.11 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
IceChat 7.0 (Build 20060924) --> "C:\Program Files\IceChat7\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSDN Library for Microsoft Visual Studio 2008 Express Editions --> C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeoStats IRC Services --> "C:\Program Files\NeoStats\un_NeoStats-Setup_20300.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenSSL 0.9.7m --> "C:\OpenSSL\unins000.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Step By Step Interactive Training (KB898458) -->
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Sun xVM VirtualBox --> MsiExec.exe /I{E2EA0C33-43B3-48A4-87CA-2BDA2F8ABF68}
twhirl --> msiexec /qb /x {E8964839-3135-A4A6-A23B-0B9D65108D4E}
twhirl --> MsiExec.exe /I{E8964839-3135-A4A6-A23B-0B9D65108D4E}
UnrealIRCd3.2.7 --> "C:\Program Files\Unreal3.2\unins000.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
XAMPP 1.6.6a --> "c:\xampp\uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type210 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type209 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type208 / Error
Event Submitted/Written: 07/02/2008 03:07:55 AM
Event ID/Source: 1 / WinVNC4
Event Description:
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
Event Record #/Type200 / Error
Event Submitted/Written: 07/01/2008 08:31:07 AM
Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting
Event Description:
EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31.
Event Record #/Type199 / Error
Event Submitted/Written: 07/01/2008 08:31:02 AM
Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting
Event Description:
EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type794 / Warning
Event Submitted/Written: 07/02/2008 04:47:08 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type748 / Error
Event Submitted/Written: 07/01/2008 03:54:27 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).
Event Record #/Type744 / Warning
Event Submitted/Written: 07/01/2008 03:09:47 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver SnagIt 8 Printer for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, SNAGITP8.GPD, UNIDRV.HLP, SNAGITD8.DLL, STDNAMES.GPD, UNIRES.DLL, SNAGITP8.INI.
Event Record #/Type741 / Warning
Event Submitted/Written: 07/01/2008 02:58:31 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type728 / Error
Event Submitted/Written: 07/01/2008 01:20:15 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).
-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------
Here is the KAV report:
CODE
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 02, 2008 21:39:10
Records in database: 908160
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 63071
Threat name: 4
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 00:38:03
File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\winvnc4.exe/C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe//PE_Patch.UPX//UPX Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vphkida.default\Cache\5616B946d01 Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Temp\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\RECYCLER\S-1-5-21-505515364-3134668569-212181451-1006\Dc26.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
The selected area was scanned.
-Sam (TheCellist42)