Jul 2 2008, 05:43 PM, Post #1
New Member, Group: Members, Posts: 1, Joined: 2-July 08, Member No.: 220,075
Lately, my system has been encountering random restarts, and I think it is due to infections. Here are the KAV and DSS logs.

The DSS Log:

Deckard's System Scanner v20071014.68
Run by Samuel Ferry on 2008-07-02 17:18:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
26: 2008-07-02 22:18:22 UTC - RP26 - Deckard's System Scanner Restore Point
25: 2008-07-02 08:00:22 UTC - RP25 - Software Distribution Service 3.0
24: 2008-07-02 00:40:32 UTC - RP24 - Installed Java Runtime Environment
23: 2008-07-02 00:39:12 UTC - RP23 - Installed Java(TM) 6 Update 6
22: 2008-07-01 20:09:01 UTC - RP22 - Installed SnagIt 8

-- First Restore Point --
1: 2008-06-27 08:11:42 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-02 17:20:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\NeoStats\neostats.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Anope\anope.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Unreal3.2\wircd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\xampp\xampp-control.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Prime95\Prime95.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\twhirl\twhirl.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Samuel Ferry\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - Startup: Anope IRC Services.lnk = C:\Program Files\Anope\anope.exe
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Startup: UnrealIRCd.lnk = C:\Program Files\Unreal3.2\wircd.exe
O4 - Startup: XAMPP Control Panel.lnk = C:\xampp\xampp-control.exe
O4 - Global Startup: NeoStats IRC Services.lnk = C:\Program Files\NeoStats\neostats.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EAFC92FB-E051-4296-8BBB-B8881446D55E}: NameServer = 192.168.1.1
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla server.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

--
End of file - 6975 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2.2 - "c:\xampp\apache\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server>
R2 mysql - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCTV 800e
Device ID: USB\VID_2304&PID_0227\070201012231
Manufacturer:
Name: PCTV 800e
PNP Device ID: USB\VID_2304&PID_0227\070201012231
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_1002&DEV_437B&SUBSYS_D6018086&REV_01\3&B1BFB68&1&A2
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_1002&DEV_437B&SUBSYS_D6018086&REV_01\3&B1BFB68&1&A2
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 04:21:48 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 16:33:16 0 d-------- C:\WINDOWS\Sun
2008-07-02 16:33:15 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Sun
2008-07-02 16:09:41 0 d-------- C:\Program Files\Prime95
2008-07-02 15:53:37 0 d-------- C:\Program Files\SpeedFan
2008-07-02 00:26:38 0 d-------- C:\Program Files\FileZilla Server
2008-07-01 19:39:55 0 d-------- C:\Program Files\Java
2008-07-01 19:39:20 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 19:37:45 0 d-------- C:\Program Files\Winamp
2008-07-01 15:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-01 15:09:03 0 d-------- C:\Program Files\TechSmith
2008-07-01 05:23:01 0 d-------- C:\N++RECOV
2008-07-01 04:23:53 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Apple Computer
2008-07-01 04:23:33 0 d-------- C:\Program Files\iPod
2008-07-01 04:23:25 0 d-------- C:\Program Files\iTunes
2008-07-01 04:23:09 0 d-------- C:\Program Files\Bonjour
2008-07-01 04:22:12 0 d-------- C:\Program Files\QuickTime
2008-07-01 04:22:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-01 04:21:42 0 d-------- C:\Program Files\Apple Software Update
2008-07-01 04:21:11 0 d-------- C:\Program Files\Common Files\Apple
2008-07-01 04:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-30 00:07:22 0 d-------- C:\Program Files\Notepad++
2008-06-30 00:07:22 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Notepad++
2008-06-29 23:15:52 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\TeamViewer
2008-06-29 23:15:37 0 d-------- C:\Documents and Settings\Samuel Ferry\temp
2008-06-29 23:09:39 0 d-------- C:\Program Files\VentSrv
2008-06-29 23:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 03:29:28 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\vlc
2008-06-29 01:56:27 0 d-------- C:\Program Files\VideoLAN
2008-06-29 01:47:33 0 d-------- C:\Program Files\7-Zip
2008-06-28 22:09:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-28 22:06:38 53248 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-06-28 22:04:59 0 d-------- C:\WINDOWS\system32\Data
2008-06-28 22:03:10 0 d-------- C:\Program Files\Creative
2008-06-28 21:54:36 0 d-------- C:\Program Files\Alwil Software
2008-06-28 21:46:51 0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-28 21:45:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-28 21:12:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-28 21:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-28 20:19:57 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2008-06-28 19:58:50 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Thunderbird
2008-06-28 19:58:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-28 19:56:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-28 19:56:48 0 d-------- C:\Program Files\twhirl
2008-06-28 19:56:43 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-28 03:39:40 0 d-------- C:\WINDOWS\pss
2008-06-28 01:53:13 0 d-------- C:\Program Files\RealVNC
2008-06-27 21:40:51 0 d-------- C:\Documents and Settings\Samuel Ferry\.VirtualBox
2008-06-27 21:17:26 0 d-------- C:\Program Files\uTorrent
2008-06-27 21:17:23 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\uTorrent
2008-06-27 21:12:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-27 21:12:35 0 d-------- C:\Program Files\Sun
2008-06-27 19:30:08 0 d-------- C:\Program Files\IrfanView
2008-06-27 19:09:32 0 d-------- C:\Program Files\NeoStats
2008-06-27 19:05:40 0 d-------- C:\Perl
2008-06-27 19:03:31 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 12:18:13 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-27 12:12:02 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-27 12:07:14 0 d-------- C:\Program Files\Microsoft.NET
2008-06-27 12:07:13 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-27 12:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 12:06:36 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-27 12:05:14 0 d-------- C:\Program Files\MSBuild
2008-06-27 12:05:08 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-27 12:05:01 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 12:00:51 0 d-------- C:\Program Files\MSXML 6.0
2008-06-27 10:06:14 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\IceChat
2008-06-27 10:05:57 143360 --a------ C:\WINDOWS\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-06-27 10:05:56 0 d-------- C:\Program Files\IceChat7
2008-06-27 03:26:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 03:26:34 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Mozilla
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Macromedia
2008-06-27 03:24:59 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Adobe
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\ATI
2008-06-27 03:22:17 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-27 03:22:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-27 03:19:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified;; ATI Smart>
2008-06-27 03:19:21 0 d-------- C:\Program Files\ATI Technologies
2008-06-27 03:19:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:19:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-27 03:18:50 0 d-------- C:\ATI
2008-06-27 03:12:00 0 d-------- C:\SYSPREP
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\WINDOWS
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Templates
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Start Menu
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\SendTo
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Recent
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\PrintHood
2008-06-27 03:11:55 2359296 --ah----- C:\Documents and Settings\Samuel Ferry\NTUSER.DAT
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\NetHood
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\My Documents
2008-06-27 03:11:55 0 d--h----- C:\Documents and Settings\Samuel Ferry\Local Settings
2008-06-27 03:11:55 0 dr------- C:\Documents and Settings\Samuel Ferry\Favorites
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Desktop
2008-06-27 03:11:55 0 d---s---- C:\Documents and Settings\Samuel Ferry\Cookies
2008-06-27 03:11:55 0 dr-h----- C:\Documents and Settings\Samuel Ferry\Application Data
2008-06-27 03:11:55 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\Identities
2008-06-27 03:10:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-27 03:04:57 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-27 03:04:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-27 03:04:54 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-27 03:04:53 2 -r-hs---- C:\USER
2008-06-27 03:04:53 2 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-27 03:00:48 0 d--hs---- C:\System Volume Information
2008-06-27 03:00:29 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-27 02:59:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-27 02:53:09 0 d-------- C:\OpenSSL
2008-06-27 02:46:03 0 d-------- C:\WINDOWS\SMINST
2008-06-27 02:45:56 0 d-------- C:\WINDOWS\I386
2008-06-27 02:45:37 0 d-------- C:\Program Files\mIRC
2008-06-27 02:38:26 13632 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-27 02:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-27 02:08:55 0 d-------- C:\Program Files\Anope
2008-06-27 01:59:07 0 d-------- C:\Program Files\Unreal3.2
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-27 01:42:27 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-06-27 01:42:27 823296 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-27 01:41:15 0 d-------- C:\Documents and Settings\Samuel Ferry\Application Data\mIRC
2008-06-27 01:30:47 0 d-------- C:\xampp

-- Find3M Report ---------------------------------------------------------------

2008-07-01 19:39:20 0 d-------- C:\Program Files\Common Files
2008-06-27 02:59:23 0 d-------- C:\Program Files\Windows NT
2008-06-27 02:59:20 0 d-------- C:\Program Files\Movie Maker
2008-06-27 02:59:19 0 d-------- C:\Program Files\Messenger
2008-06-27 02:45:20 0 d-------- C:\Program Files\Online Services

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 10:56 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [05/03/2005 06:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [12/25/2007 04:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [10/15/2007 03:19 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [11/17/2006 04:42 AM]

C:\Documents and Settings\Samuel Ferry\Start Menu\Programs\Startup\
Anope IRC Services.lnk - C:\Program Files\Anope\anope.exe [1/11/2008 3:52:02 AM]
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe [6/28/2008 1:53:13 AM]
UnrealIRCd.lnk - C:\Program Files\Unreal3.2\wircd.exe [6/27/2008 1:59:07 AM]
XAMPP Control Panel.lnk - C:\xampp\xampp-control.exe [12/20/2007 9:01:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NeoStats IRC Services.lnk - C:\Program Files\NeoStats\neostats.exe [6/27/2008 7:03:29 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2/16/2007 6:40:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

*Newly Created Service* - GIVEIO
*Newly Created Service* - SPEEDFAN

-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------

The extra.txt File:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 893.5 MiB / 426.6 MiB
Pagefile Memory (total/avail): 3420.53 MiB / 2652.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.6 MiB

C: is Fixed (NTFS) - 143.75 GiB total, 125.06 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22RDA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 143.75 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1201 [VPS 080702-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Unreal3.2\\wircd.exe"="C:\\Program Files\\Unreal3.2\\wircd.exe:*:Enabled:wircd"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\DU Meter\\DUMeter.exe"="C:\\Program Files\\DU Meter\\DUMeter.exe:*:Enabled:DUMeter"
"C:\\Program Files\\DU Meter\\DUMeterSvc.exe"="C:\\Program Files\\DU Meter\\DUMeterSvc.exe:*:Enabled:DUMeterSvc"
"C:\\Program Files\\IceChat7\\IceChat7.exe"="C:\\Program Files\\IceChat7\\IceChat7.exe:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Samuel Ferry\\Desktop\\hfs.exe"="C:\\Documents and Settings\\Samuel Ferry\\Desktop\\hfs.exe:*:Enabled:hfs"
"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"="C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Samuel Ferry\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAM-E851BB91AC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Samuel Ferry
LOGONSERVER=\\SAM-E851BB91AC
NUMBER_OF_PROCESSORS=2
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SAMUEL~1\LOCALS~1\Temp
USERDOMAIN=SAM-E851BB91AC
USERNAME=Samuel Ferry
USERPROFILE=C:\Documents and Settings\Samuel Ferry
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Samuel Ferry (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AMIP for iTunes (remove only) --> "C:\Program Files\iTunes\Plug-ins\amip_uninstall.exe"
AMIPConfigurator (remove only) --> "C:\Program Files\iTunes\Plug-ins\un_configurator.exe"
Anope IRC Services 1.7.21 --> C:\Program Files\Anope\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
FileZilla Client 3.0.11 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
IceChat 7.0 (Build 20060924) --> "C:\Program Files\IceChat7\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSDN Library for Microsoft Visual Studio 2008 Express Editions --> C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeoStats IRC Services --> "C:\Program Files\NeoStats\un_NeoStats-Setup_20300.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenSSL 0.9.7m --> "C:\OpenSSL\unins000.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Step By Step Interactive Training (KB898458) -->
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Sun xVM VirtualBox --> MsiExec.exe /I{E2EA0C33-43B3-48A4-87CA-2BDA2F8ABF68}
twhirl --> msiexec /qb /x
{E8964839-3135-A4A6-A23B-0B9D65108D4E} twhirl --> MsiExec.exe /I{E8964839-3135-A4A6-A23B-0B9D65108D4E} UnrealIRCd3.2.7 --> "C:\Program Files\Unreal3.2\unins000.exe" Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80} VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe" Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe" XAMPP 1.6.6a --> "c:\xampp\uninstall.exe" XML Paper Specification Shared Components Pack 1.0 --> -- Application Event Log ------------------------------------------------------- Event Record #/Type210 / Error Event Submitted/Written: 07/02/2008 03:07:55 AM Event ID/Source: 1 / WinVNC4 Event Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048) Event Record #/Type209 / Error Event Submitted/Written: 07/02/2008 03:07:55 AM Event ID/Source: 1 / WinVNC4 Event Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048) Event Record #/Type208 / Error Event Submitted/Written: 07/02/2008 03:07:55 AM Event ID/Source: 1 / WinVNC4 Event Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048) Event Record #/Type200 / Error Event Submitted/Written: 07/01/2008 08:31:07 AM Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting Event Description: EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31. 
Event Record #/Type199 / Error Event Submitted/Written: 07/01/2008 08:31:02 AM Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting Event Description: EventType clr20r3, P1 pirillo.exe, P2 1.0.0.0, P3 486a3109, P4 pirillo, P5 1.0.0.0, P6 486a3109, P7 d, P8 c6, P9 clr20r30, P10 clr20r31. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type794 / Warning Event Submitted/Written: 07/02/2008 04:47:08 PM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type748 / Error Event Submitted/Written: 07/01/2008 03:54:27 PM Event ID/Source: 7024 / Service Control Manager Event Description: The Apache2.2 service terminated with service-specific error 1 (0x1). Event Record #/Type744 / Warning Event Submitted/Written: 07/01/2008 03:09:47 PM Event ID/Source: 20 / Print Event Description: Printer Driver SnagIt 8 Printer for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, SNAGITP8.GPD, UNIDRV.HLP, SNAGITD8.DLL, STDNAMES.GPD, UNIRES.DLL, SNAGITP8.INI. Event Record #/Type741 / Warning Event Submitted/Written: 07/01/2008 02:58:31 PM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type728 / Error Event Submitted/Written: 07/01/2008 01:20:15 AM Event ID/Source: 7024 / Service Control Manager Event Description: The Apache2.2 service terminated with service-specific error 1 (0x1). 
-- End of Deckard's System Scanner: finished at 2008-07-02 17:25:12 ------------

Here is the KAV report:

CODE
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 02, 2008 21:39:10
Records in database: 908160
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 63071
Threat name: 4
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 00:38:03

File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\winvnc4.exe/C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe//PE_Patch.UPX//UPX Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Desktop\hfs.exe Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vphkida.default\Cache\5616B946d01 Infected: not-a-virus:Server-FTP.Win32.SFH.d 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Temp\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Samuel Ferry\Local Settings\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\RECYCLER\S-1-5-21-505515364-3134668569-212181451-1006\Dc26.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

The selected area was scanned.

-Sam (TheCellist42)
Post #2 - Jul 2 2008, 06:52 PM
Bleepin' Animin
Group: Site Admin
Posts: 5,918
Joined: 18-August 05
From: Now On...
Member No.: 31,547
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.
Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next.

There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer. Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly.

When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.

The BC Staff/Animal

p.s. It is not necessary to use the 'code' command when posting a log. It's much easier to read when it is a simple copy and paste in the post.
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life. Andrew Brown

"On the keyboard of life, always keep one finger on the escape key." — Scott Adams.