Author Topic: Computer crashes after xx amount of min.  (Read 1116 times)

Offline Athrin

« on: June 26, 2008, 07:49:56 PM »
Having problems with computer staying on. At random, it will turn my screen black (turn off completely) and I have no choice but to restart my computer. It will do it 5 min after turning my computer on, 20 min, maybe even 2 hours. I'm not really too sure what the problem could be but help would be greatly appreciated :D Log is below.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:58 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\HJT\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

Offline guestolo

« Reply #1 on: July 04, 2008, 09:54:41 AM »
Do you still need a hand?
If you do, delete your copy of Hijackthis as it's outdated

Do the next step:
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Athrin

« Reply #2 on: July 04, 2008, 01:36:28 PM »
Well, I figured it out. I put 2 1gigs of RAM in my computer a few weeks ago which is what caused it to turn off by itself at random. I then put back my 512 RAM and it hasn't done it since. I don't know why putting more RAM would make it do that =/ But I'd still like to see what could be done to fix it.

New log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:09 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 5555 bytes

Offline guestolo

« Reply #3 on: July 04, 2008, 03:05:02 PM »
Can you do the following for me, I see a couple entries that may be malware related
As I don't see any AntiVirus software installed on this computer

Can you do the following:
Download and save to your Desktop
> Avira AntiVir <

Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
Ensure to click on FORMAT and UNCheck Word Wrap if it is checked, before copying the contents
Post the contents of this report please in your next reply

AFTER you have posted the Avira report
Do the following please
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
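
Added example, not part of the original thread: the two HijackThis logs posted above differ in their startup-related sections, and diffing them shows what changed between the scans. The sample lines are excerpts copied from those two logs; the function names and the choice of sections to treat as autostart are this example's own.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (v1.99.1 scan of 6/25/2008 and v2.0.2 scan of 7/3/2008). Most lines that
# are identical in both logs are omitted to keep the sample short.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A scan entry looks like "<section code> - <description>", e.g. "O20 - ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")

# Sections that list code loaded at boot or logon (this example's selection).
AUTOSTART = {
    "O4": "Run keys / Startup folders",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows services",
}


def parse_entries(log):
    """Map (section, case-folded text) -> original text for every scan entry.

    Windows paths are case-insensitive, so comparison uses the folded form
    while the original spelling is kept for display.
    """
    entries = {}
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            section, text = match.groups()
            entries[(section, text.casefold())] = text
    return entries


def _section_order(section):
    # Sort "O4" before "O20": letter first, then the numeric part.
    return (section[0], int(section[1:]))


def diff_logs(before, after):
    """Return sorted (change, section, text) tuples for entries in one log only."""
    old, new = parse_entries(before), parse_entries(after)
    changes = [("removed", key[0], old[key]) for key in old.keys() - new.keys()]
    changes += [("added", key[0], new[key]) for key in new.keys() - old.keys()]
    return sorted(changes, key=lambda c: (_section_order(c[1]), c[0], c[2]))


def autostart_changes(before, after):
    """Keep only the changes that fall in boot/logon autostart sections."""
    return [c for c in diff_logs(before, after) if c[1] in AUTOSTART]


if __name__ == "__main__":
    for change, section, text in autostart_changes(LOG_BEFORE, LOG_AFTER):
        marker = "+" if change == "added" else "-"
        print(f"{marker} {section} ({AUTOSTART[section]}): {text}")
```

An entry that appears only in the later log is a lead to verify (file location, signer, install history), not a verdict on its own.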


Offline Athrin

« Reply #4 on: July 04, 2008, 07:33:27 PM »
Ok here it is.



Avira AntiVir Personal
Report file date: Thursday, July 03, 2008  17:33

Scanning for 1378724 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    DELL-NEGC1BQ3Y6

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes    4/9/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes   3/18/2008 18:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes    2/7/2008 17:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes   2/28/2008 17:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes   2/21/2008 17:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes   7/18/2007 19:33:34
ANTIVIR1.VDF  : 7.0.5.1       8182784 Bytes   6/24/2008 00:32:26
ANTIVIR2.VDF  : 7.0.5.51       273408 Bytes    7/4/2008 00:32:27
ANTIVIR3.VDF  : 7.0.5.52         2048 Bytes    7/4/2008 00:32:28
Engineversion : 8.1.0.64  
AEVDF.DLL     : 8.1.0.5        102772 Bytes   2/25/2008 18:58:21
AESCRIPT.DLL  : 8.1.0.46       283002 Bytes    7/4/2008 00:32:41
AESCN.DLL     : 8.1.0.22       119157 Bytes    7/4/2008 00:32:40
AERDL.DLL     : 8.1.0.20       418165 Bytes    7/4/2008 00:32:39
AEPACK.DLL    : 8.1.1.6        364918 Bytes    7/4/2008 00:32:37
AEOFFICE.DLL  : 8.1.0.20       192891 Bytes    7/4/2008 00:32:36
AEHEUR.DLL    : 8.1.0.35      1298806 Bytes    7/4/2008 00:32:36
AEHELP.DLL    : 8.1.0.15       115063 Bytes    7/4/2008 00:32:33
AEGEN.DLL     : 8.1.0.29       307573 Bytes    7/4/2008 00:32:32
AEEMU.DLL     : 8.1.0.6        430451 Bytes    7/4/2008 00:32:31
AECORE.DLL    : 8.1.0.32       168311 Bytes    7/4/2008 00:32:29
AVWINLL.DLL   : 1.0.0.7         14593 Bytes   1/24/2008 02:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes   2/18/2008 19:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes   4/16/2007 22:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes   1/24/2008 02:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes   2/12/2008 17:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes   2/28/2008 17:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes   1/23/2008 02:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes   1/24/2008 02:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes   1/25/2008 21:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes   3/10/2008 23:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes    3/6/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, July 03, 2008  17:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avant.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'NintendoWFCReg.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'aim.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AEK3FVOG\AruaX.ax[1].bin
 
  • Archive type: BZ2

  --> AruaX.ax[1]
      [DETECTION] Contains detection pattern of the worm WORM/IrcBot.827392.2
      [NOTE]      The file was moved to '48e271f2.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X9MWIPOF\b[1].js
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '489e7dbd.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X9MWIPOF\b[2].js
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '489f7dc1.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XWDDOJDL\i[1].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.jok.1
      [NOTE]      The file was deleted!
C:\Program Files\AruaROSE\AruaX.ax
      [DETECTION] Contains detection pattern of the worm WORM/IrcBot.827392.2
      [NOTE]      The file was moved to '48e2816f.qua'!
C:\System Volume Information\_restore{403FB33D-14B3-40A2-B70B-1BB214B38C2A}\RP415\A0140862.exe
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{403FB33D-14B3-40A2-B70B-1BB214B38C2A}\RP415\A0140866.exe
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{403FB33D-14B3-40A2-B70B-1BB214B38C2A}\RP434\A0251962.ax
      [DETECTION] Contains detection pattern of the worm WORM/IrcBot.827392.2
      [NOTE]      The file was moved to '489f854c.qua'!
Begin scan in 'D:\'
D:\WINDOWS\system32\Rrpnhx.exe
      [DETECTION] Is the Trojan horse TR/POPMON.A4
      [NOTE]      The file was deleted!


End of the scan: Thursday, July 03, 2008  20:27
Used time:  2:53:30 min

The scan has been done completely.

   9360 Scanning directories
 426630 Files were scanned
      5 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
 426625 Files not concerned
   2225 Archives were scanned
      3 Warnings
      7 Notes



Main.txt log:







Extra.txt log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 510.98 MiB / 141.94 MiB
Pagefile Memory (total/avail): 1249.72 MiB / 840.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 11.51 GiB free.
D: is Fixed (NTFS) - 9.5 GiB total, 2.76 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG SV1022D - 9.5 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 9.5 GiB - D:

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Rohan\\rohanclient.exe"="C:\\Program Files\\Rohan\\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\G2G\\Orka\\Client.exe"="C:\\Program Files\\G2G\\Orka\\Client.exe:*:Enabled:Client"
"C:\\Program Files\\DazoinEng\\TCrewOnline\\TCrew_Client_R_P_Eng.exe"="C:\\Program Files\\DazoinEng\\TCrewOnline\\TCrew_Client_R_P_Eng.exe:*:Enabled:TCrew_Client"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\G2G\\Orka\\Client1.exe"="C:\\Program Files\\G2G\\Orka\\Client1.exe:*:Enabled:Client1"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-NEGC1BQ3Y6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\DELL-NEGC1BQ3Y6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=DELL-NEGC1BQ3Y6
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AruaROSE --> C:\Program Files\AruaROSE\Uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neffy 1,2,0,12 --> C:\Program Files\Neffy\uninst.exe
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1149 / Error
Event Submitted/Written: 06/28/2008 03:31:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1146 / Error
Event Submitted/Written: 06/28/2008 03:24:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1131 / Error
Event Submitted/Written: 06/28/2008 01:33:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1128 / Error
Event Submitted/Written: 06/28/2008 01:23:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58ac0.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1125 / Error
Event Submitted/Written: 06/28/2008 00:58:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58ac0.
Processing media-specific event for [aim.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6199 / Error
Event Submitted/Written: 07/03/2008 08:37:14 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.1,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type6175 / Error
Event Submitted/Written: 07/03/2008 08:37:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type6166 / Error
Event Submitted/Written: 07/03/2008 08:18:54 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type6165 / Error
Event Submitted/Written: 07/03/2008 08:18:53 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type6164 / Error
Event Submitted/Written: 07/03/2008 08:18:52 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-03 20:44:43 ------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer crashes after xx amount of min.
« Reply #5 on: July 05, 2008, 10:54:08 AM »
You happened to post the log from Avira a couple times and left out the Main.txt from Dss.exe

Can you run dss.exe again, wait till the log opens and post it back here please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Athrin

« Reply #6 on: July 05, 2008, 02:20:08 PM »
Ok.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-04 15:30:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:50 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Administrator\My Documents\Installations\dss.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1\HJT\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 6319 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-03 17:30:39         0 d-------- C:\Program Files\Avira
2008-07-03 17:30:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-01 04:15:15     36864 --a------ C:\WINDOWS\system32\smart.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-07-01 04:15:15     38912 --a------ C:\WINDOWS\system32\LoveFly.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-06-22 02:44:10         0 d-------- C:\Program Files\Lavasoft
2008-06-22 02:44:09         0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 02:43:37         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 18:05:51         0 d-------- C:\Program Files\mIRC
2008-06-20 18:05:51         0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-06-20 18:04:01         0 d-------- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
2008-06-08 14:52:38         0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-08 14:45:03         0 d-------- C:\Program Files\ATI Technologies
2008-06-08 14:44:12         0 d-------- C:\Program Files\ATI
2008-06-08 14:21:56    520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-08 14:21:33         0 d--h----- C:\Program Files\InstallShield Installation Information


-- Find3M Report ---------------------------------------------------------------

2008-07-04 05:48:03         0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-04 02:17:16         0 d-------- C:\Program Files\Diablo II
2008-07-04 01:45:53         0 d--h----- C:\Documents and Settings\Administrator\Application Data\ijjigame
2008-06-22 02:43:37         0 d-------- C:\Program Files\Common Files
2008-06-20 18:44:58         0 d-------- C:\Program Files\Neffy
2008-06-16 14:32:25     37338 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-08 14:46:05         0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-25 15:46:34         0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-05-22 04:22:29         0 d-------- C:\Program Files\Intel
2008-05-16 03:58:37         0 d-------- C:\Program Files\Common Files\Scanner
2008-05-14 16:42:22         0 d-------- C:\Documents and Settings\Administrator\Application Data\IGN_DLM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [09/20/2005 10:36 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="D:\Program Files\AIM\aim.exe" [08/05/2005 04:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/28/2008 5:32:19 AM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/17/2008 2:59:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 07/01/2008 04:15 AM 36864 C:\WINDOWS\system32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll 07/01/2008 04:15 AM 38912 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-04 15:31:25 ------------

Offline guestolo

« Reply #7 on: July 05, 2008, 02:30:26 PM »
Please do the following, I want to check on a couple files

http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to  'Upload a File'

C:\WINDOWS\SYSTEM32\smart.dll
Then use the SEND FILE button
Let it finish scanning
Could you post back the results of this scan back here please, or post the link to the results window

Do the same procedure for this file name
C:\WINDOWS\SYSTEM32\LoveFly.dll



Offline Athrin

« Reply #8 on: July 05, 2008, 02:53:43 PM »
It's not letting me post back the results. I don't know why.

But on the lovefly.dll 11/33 were found to be trojans/suspicious files

and on the smart.dll 8/33 were found.

Offline guestolo

« Reply #9 on: July 05, 2008, 02:57:23 PM »
After you scan the file and show the results
Simply copy>>paste the results page link back here on both



Offline Athrin


Offline guestolo

« Reply #11 on: July 05, 2008, 03:24:04 PM »
Thanks for the links
Can you do the following

Close down all browser windows, including this one
Uninstall all older versions of Java
We'll update this in a bit

Remove
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 3


don't reboot yet if prompted
Instead, come back here
Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    C:\WINDOWS\SYSTEM32\smart.dll
    C:\WINDOWS\SYSTEM32\LoveFly.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
I'll need to see it later

If you were not prompted to reboot the computer
Can you reboot now manually anyways

Back in Windows
Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, then check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.
Afterwards, come back here and post a fresh hijackthis log and the log from OTMoveit2 please

In addition, can you let me know if you play WOW, or used to play it



Offline Athrin

« Reply #12 on: July 05, 2008, 03:40:43 PM »
Ok. Here is everything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:35 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Administrator\My Documents\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 6263 bytes




LoadLibrary failed for C:\WINDOWS\SYSTEM32\smart.dll
C:\WINDOWS\SYSTEM32\smart.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\smart.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\LoveFly.dll
C:\WINDOWS\SYSTEM32\LoveFly.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\LoveFly.dll moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\\ deleted successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_164251

Offline guestolo

« Reply #13 on: July 05, 2008, 03:54:49 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Quote
In addition, can you let me know if you play WOW, or used to play it?
You never answered that.
Do you play WOW or any other online games currently?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Athrin

« Reply #14 on: July 05, 2008, 03:58:41 PM »
OK, I did that. Oh right, forgot to answer it. Umm, I play Diablo 2. And every so often I play some other MMORPGs.
« Last Edit: July 05, 2008, 03:59:26 PM by Athrin »

Offline guestolo

« Reply #15 on: July 05, 2008, 04:12:58 PM »
Those files are related to WOW password stealers, but may also be related to other online games.
To play it safe, I would change all online gaming passwords.

How is everything running?

Also, about the RAM you installed, are you sure it was compatible with your system?
What is the EXACT Make/model of computer?



Offline Athrin

« Reply #16 on: July 05, 2008, 04:16:50 PM »
Hmm, ok thanks. Everything is running fine.

And the make/model? I have a Dell. Not too sure of the make though.

I'm pretty positive it's compatible with my system.

PC 3200 1024MB RAM Dual CH is the type of RAM I bought.

Offline guestolo

« Reply #17 on: July 05, 2008, 04:21:45 PM »
The model should be noted on either the side or front of the computer



Offline Athrin

« Reply #18 on: July 05, 2008, 04:29:02 PM »
Not too sure which it is, but the model number is DHM. Says Dell INC Celeron.

Offline guestolo

« Reply #19 on: July 05, 2008, 05:10:36 PM »
I don't think that's the whole model no.
Most Dells I've worked with are normally clearly labelled with the model.

Regardless,
why not try Crucial Memory scanner and post back the results?
It should give you info on the exact memory and how much to install.

http://www.crucial.com/
