Author Topic: Just Checking  (Read 5067 times)

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
    • View Profile
Just Checking
« on: April 14, 2009, 07:04:33 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:41 PM, on 4/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DAP\DAP.EXE
D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\Arjuna Das F Guevara.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SF5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus T10 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SC2C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Tunebite] E:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - Startup: Registration Assassin's Creed.LNK = E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7425 bytes

Hey, this is my latest log file. Can you check if there's something wrong? Just now, before I posted this, my system clock automatically rolled back to January 2002 and it disabled some of my programs like my antivirus, but I set it back to the real time and reinstalled my antivirus program and everything's fine again. I just want to check. ^^

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Just Checking
« Reply #1 on: April 16, 2009, 10:26:30 PM »
What are you checking about?
I see the following
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\Arjuna Das F Guevara.exe

Are you in the habit of installing illegal software? Not sure if I can even help here, you're probably infected or will be in the near future, good luck with your endeavors?
I'm not even sure if you need a hand?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline arjunadas

« Reply #2 on: April 19, 2009, 05:51:38 AM »
Checking if there is something wrong.
How do you define illegal? If, for example, downloading Feeding Frenzy with its corresponding crack is illegal, then I am in the habit of installing illegal software. Anyway, if you don't see any problems then OK. Like I said, just checking. ^^ Thanks for the time.

Offline guestolo

« Reply #3 on: April 19, 2009, 06:06:00 AM »
No, I don't see anything wrong in the log, are you experiencing any problems?



Offline arjunadas

« Reply #4 on: April 20, 2009, 01:44:11 AM »
Besides the automatic and mysterious rollback of my system clock? Yesterday, while I was chatting with my friend, the monitor suddenly flashed a blue screen with some words in the same format as in the BIOS. It flashed for about half a second, so I was not able to read it, then it automatically restarted.
What's that all about? :o

Offline guestolo

« Reply #5 on: April 21, 2009, 07:40:52 AM »
Let's try the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe and choose to Run it
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Post both those logs please

NOTE: If you get an error message trying to post the logs back here to the forum
Just post info.txt back here
And upload log.txt

In addition:
Right click on My Computer>>Left click PROPERTIES>>ADVANCED>>SETTINGS (Under Startup and Recovery)
Under SYSTEM FAILURE, Untick Automatically Restart
Ok out of there

Next time, instead of restarting, it may Blue screen with an error message
Post that error message back



Offline arjunadas

« Reply #6 on: April 21, 2009, 05:23:58 PM »
info.txt logfile of random's system information tool 1.06 2009-03-22 22:02:18

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"D:\Program Files\7-Zip\Uninstall.exe"
A4 TECH PC Camera H-->C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x0009 -removeonly
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x9 UNINST
ccff7_screensaver-->C:\WINDOWS\system32\ccff7_screensaver.scr /u
CDCheck-->"D:\Program Files\CDCheck\uninst.exe"
Cooking Dash-->"E:\Program Files\Cooking Dash\ReflexiveArcade\unins000.exe"
Diner Dash - Hometown Hero-->E:\Program Files\Uninstal.exe
Diner Dash 2 Free Trial-->"E:\Program Files\DinerDash2_at\unins000.exe"
Diner Dash Flo On The Go-->"E:\Program Files\Diner Dash Flo On The Go\ReflexiveArcade\unins000.exe"
Diner Dash Free Trial-->"E:\Program Files\DinerDash_at\unins000.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus S20_T10_T20 Manual-->C:\Program Files\EPSON\TPMANUAL\ESS20_T10_T20\ENG\USE_G\DOCUNINS.EXE
EPSON Stylus T10 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEBS.EXE /R /APD /P:"EPSON Stylus T10 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESET Smart Security-->MsiExec.exe /I{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}
Feeding Frenzy 2-->D:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U D:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
Feeding Frenzy-->"D:\Program Files\Feeding Frenzy\ReflexiveArcade\unins000.exe"
Free Video to iPod Converter version 3.1-->"D:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Graboid Video 1.4-->E:\Program Files\Graboid\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(tm) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Left 4 Dead-->"C:\WINDOWS\Left 4 Dead\uninstall.exe" "/U:E:\Program Files\Left 4 Dead\Uninstall\uninstall.xml"
LimeWireTurbo-->D:\Program Files\LimeWireTurbo\uninstall.exe
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Monopoly Here & Now Edition-->C:\PROGRA~1\GAMEHO~1\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MONOPO~1\INSTALL.LOG
MOVAVI VideoSuite 3.5-->C:\Program Files\MOVAVI VideoSuite 3.5\uninst.exe
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.7)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
PlayStation®Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
PSP Video 9 2.25-->E:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9  -removeonly
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Sallys Spa-->"E:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
The Sims-->C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Maxis\The Sims\Uninst.isu"
Trojan Remover 6.7.6-->"E:\Program Files\Trojan Remover\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
WindowBlinds-->E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Essentials Media Codec Pack 1.0-->E:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"D:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Your Uninstaller! 2008 Version 6.0-->"D:\Program Files\Your Uninstaller 2008\unins000.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

======System event log======

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8194
Source Name: Tcpip
Time Written: 20090227175624.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8193
Source Name: Tcpip
Time Written: 20090227162538.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8192
Source Name: Tcpip
Time Written: 20090227154900.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 1002
Message: The IP address lease 202.128.38.126 for the Network Card with network address 00E0B1055E04 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 8168
Source Name: Dhcp
Time Written: 20090227151841.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8164
Source Name: Tcpip
Time Written: 20090227150130.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000057.

Record Number: 897
Source Name: Application Error
Time Written: 20090202200107.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x003a0050.

Record Number: 896
Source Name: Application Error
Time Written: 20090202181417.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035, faulting module kernel32.dll, version 5.1.2600.2180, stamp 411096b4, debug? 0, fault address 0x0001eb33.

Record Number: 895
Source Name: Microsoft Office 12
Time Written: 20090202065014.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x003a0100.

Record Number: 891
Source Name: Application Error
Time Written: 20090201223826.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application wmplayer.exe, version 9.0.0.3250, faulting module unknown, version 0.0.0.0, fault address 0x00197c03.

Record Number: 887
Source Name: Application Error
Time Written: 20090201160510.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Did everything you said and here's the info.txt..but you said there's supposed to be 2 log files, but only the log.txt popped-up when RSIT was done scanning..There is an info.txt in the RSIT folder but I'm not sure about this because maybe this is from the last time..[attachment=4989:log.txt]

Offline guestolo

« Reply #7 on: April 22, 2009, 04:01:56 PM »
Has your computer blue screened yet, since you changed the Auto restart setting?
If so, can you post back the error message please?



Offline arjunadas

« Reply #8 on: April 22, 2009, 07:46:06 PM »
Nope, not yet. I'll post it as soon as it occurs.

Offline guestolo

« Reply #9 on: April 22, 2009, 08:54:03 PM »
One thing I did notice from the RSIT logs, some files we removed when you were here earlier are back
However, they were renamed, and should be harmful, just concerned why they returned

Can you do the following:
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Temporarily disable your AntiVirus software so it won't interfere with this scan
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the next icon next to the files found.
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.



Offline arjunadas

« Reply #10 on: April 22, 2009, 09:58:12 PM »
Isn't there an alternative link? I can't download it. It always stops at 3.27mb.

Offline guestolo

Just Checking
« Reply #11 on: April 22, 2009, 10:00:04 PM »
Are you using DAP to download?
If so, can you directly download it bypassing DAP?



Offline arjunadas

Just Checking
« Reply #12 on: April 23, 2009, 08:32:05 AM »
Well, I was able to download it properly but when I try to run it, it always crashes and the "Don't Send" blah blah pops up.. hmmm

Offline guestolo

Just Checking
« Reply #13 on: April 24, 2009, 07:43:56 PM »
Did you disable Nod32 before you ran it?
Will it run in safe mode?



Offline arjunadas

Just Checking
« Reply #14 on: April 25, 2009, 03:02:59 AM »
RVHOST.exe.vir;C:\WINDOWS\system32;Win32.HLLW.Myweb.1;Incurable.Moved.;                                       
vn.cmd.vir;C:\;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0007069.cmd;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP18;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0007079.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP18;Trojan.PWS.Wsgame.10522;Deleted.;                                       
A0007082.cmd;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP19;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0007093.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP19;Trojan.PWS.Wsgame.10522;Deleted.;                                       
A0007094.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP19;Trojan.PWS.Wsgame.5960;Deleted.;                                       
A0008098.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.5960;Deleted.;                                       
A0008099.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.10522;Deleted.;                                       
A0008102.cmd;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0008109.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.5960;Deleted.;                                       
A0008116.exe;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.10150;Deleted.;                                       
trspack-1_0.exe\pskill.exe;D:\Local Disk (D)\trk3\trspack-1_0.exe;Tool.Prockill;;                                       
trspack-1_0.exe;D:\Local Disk (D)\trk3;Archive contains infected objects;Moved.;                                       
trsrun-1_0-nq.exe\pskill.exe;D:\Local Disk (D)\trk3\trsrun-1_0-nq.exe;Tool.Prockill;;                                       
trsrun-1_0-nq.exe;D:\Local Disk (D)\trk3;Archive contains infected objects;Moved.;                                       
trsrun-1_0.exe\pskill.exe;D:\Local Disk (D)\trk3\trsrun-1_0.exe;Tool.Prockill;;                                       
trsrun-1_0.exe;D:\Local Disk (D)\trk3;Archive contains infected objects;Moved.;                                       
youconv.exe;D:\Local Disk (E)\Installers;Trojan.Popuper.6374;Deleted.;                                       
youconv.exe;D:\Local Disk (E)\Installers\youtube-convert_2.1;Trojan.Popuper.6374;Deleted.;                                       
A0007071.cmd;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP18;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0007084.cmd;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP19;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0008198.cmd;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0009620.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP23;Trojan.Popuper.6374;Deleted.;                                       
A0023605.exe\pskill.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34\A0023605.exe;Tool.Prockill;;                                       
A0023605.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34;Archive contains infected objects;Moved.;                                       
A0023606.exe\pskill.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34\A0023606.exe;Tool.Prockill;;                                       
A0023606.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34;Archive contains infected objects;Moved.;                                       
A0023607.exe\pskill.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34\A0023607.exe;Tool.Prockill;;                                       
A0023607.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34;Archive contains infected objects;Moved.;                                       
A0023608.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34;Trojan.Popuper.6374;Deleted.;                                       
A0023609.exe;D:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP34;Trojan.Popuper.6374;Deleted.;                                       
A0007073.cmd;E:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP18;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0007086.cmd;E:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP19;Trojan.PWS.Wsgame.10150;Deleted.;                                       
A0008209.cmd;E:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.10150;Deleted.;                                       

I was able to run it in safe mode and I followed every step, but I did not see any of the images you put.
Here is the report list
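
Added example, not part of the original posts: a Python parser for a DrWeb.csv report in the layout posted above. It groups detections by family, counts rows that sit in System Restore points, and resolves archive members that have an empty action to the action taken on their container. The column labels and the names `parse_report` and `triage` are this example's own; the sample rows are copied from the report above.

```python
import csv
import re
from collections import Counter

# Rows copied from the Dr.Web report posted above; the column names used
# below (object, path, threat, action) are this example's own labels.
SAMPLE = r"""RVHOST.exe.vir;C:\WINDOWS\system32;Win32.HLLW.Myweb.1;Incurable.Moved.;
vn.cmd.vir;C:\;Trojan.PWS.Wsgame.10150;Deleted.;
A0007079.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP18;Trojan.PWS.Wsgame.10522;Deleted.;
A0008098.dll;C:\System Volume Information\_restore{9F29552D-A883-4023-B8CD-A1BE3D46855A}\RP20;Trojan.PWS.Wsgame.5960;Deleted.;
trspack-1_0.exe\pskill.exe;D:\Local Disk (D)\trk3\trspack-1_0.exe;Tool.Prockill;;
trspack-1_0.exe;D:\Local Disk (D)\trk3;Archive contains infected objects;Moved.;
youconv.exe;D:\Local Disk (E)\Installers;Trojan.Popuper.6374;Deleted.;
"""

RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)")

def parse_report(text):
    """Split 'object;path;threat;action;' rows, tolerating trailing padding."""
    rows = []
    for rec in csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE):
        fields = [f.strip() for f in rec]
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed line
        rows.append(dict(zip(("object", "path", "threat", "action"), fields)))
    return rows

def triage(rows):
    """Group detections by family and resolve what happened to each object."""
    # Container rows are keyed by full path so archive members can inherit
    # the action applied to the archive that holds them.
    containers = {r["path"].rstrip("\\") + "\\" + r["object"]: r["action"] for r in rows}
    families, restore_points, unresolved = Counter(), Counter(), []
    for r in rows:
        families[re.sub(r"\.\d+$", "", r["threat"])] += 1  # drop variant number
        m = RESTORE.search(r["path"])
        if m:
            restore_points["RP" + m.group(1)] += 1
        # A member row has an empty action; its path is the container's full path.
        effective = r["action"] or containers.get(r["path"], "")
        if not effective:
            unresolved.append(r["object"])
    return families, restore_points, unresolved

if __name__ == "__main__":
    fam, rps, todo = triage(parse_report(SAMPLE))
    print(dict(fam), dict(rps), todo)
```

Rows under `_restore{...}\RPnn` are copies held in Windows XP System Restore points rather than files in their live locations, so the per-restore-point count separates archived copies from the other detections.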

Offline guestolo

Just Checking
« Reply #15 on: April 25, 2009, 10:51:01 AM »
How's the computer running?



Offline arjunadas

Just Checking
« Reply #16 on: April 26, 2009, 06:14:39 AM »
I thought everything was fine now but while I was playing Gunbound, my pc suddenly crashed and even if I press the 'restart' button, it won't restart. I just turned off the AVR then I turned my computer on again. While in bios, an option prompted, but I just pressed F2 which said to run default settings. Then when I logged in to my windows, my system clock rolled back again. On December 21, 2001. Why is this happening?

Offline guestolo

Just Checking
« Reply #17 on: April 26, 2009, 09:52:07 AM »
How old is this computer?
When you shut down the power, the cmos battery should hold time/date
It may be getting weak and time for a replacement

The crashing while running your game is another issue
Do you have all latest drivers for Video/sound and motherboard?



Offline arjunadas

Just Checking
« Reply #18 on: April 27, 2009, 12:58:19 AM »
It got weak that fast? This computer is just 4 months old. How does it weaken?

I think it's all up to date. How will I know if it's out of date?

Offline guestolo

Just Checking
« Reply #19 on: April 27, 2009, 07:38:30 AM »
The computer is only 4 months old?
What operating system came preinstalled on it?
Or did you build the computer yourself?

What's the exact make/model of your computer?

In addition, go to Start > Run, type in
 eventvwr.msc
and click OK. An Event Viewer window will display, and here you can highlight either Applications or System for a list of events that your system logs. Any entries with a red X Error show failures of some kind. Double-clicking those entries can give more information. They can be useful for troubleshooting.
Can you let me know if you are finding Red X errors, if so, what are they related to?
« Last Edit: April 27, 2009, 07:57:53 AM by guestolo »
