Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


computer trouble

Post by computeruser » August 16th, 2009, 3:04 am

Hi, my computer has begun to have white screens that I have trouble getting out of, even with reboots.
Thanks
Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:28 AM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\DOCUME~1\sje\LOCALS~1\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7741 bytes
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Post by MWR 3 day Mod » August 19th, 2009, 3:24 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: computer trouble

Post by jmw3 » August 20th, 2009, 12:53 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: computer trouble

Post by computeruser » August 20th, 2009, 2:44 pm

Hi
1. To clarify your directions for GMER Rootkit: I unchecked the following: "Sections" and "IAT/EAT" and "Show All (don't miss this one)"

but there is no option for "Drives/Partition other than Systemdrive (typically C:\)"

The program does show "Devices"
Did you mean that I should uncheck "Devices" ?
Thanks Steve


Here are my logs from DDR
1st ------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2005 10:19:22 PM
System Uptime: 8/19/2009 12:23:49 PM (21 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.60GHz | uFC-PGA Socket | 1594/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 8.234 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Wireless LAN Mini PCI Card
Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Manufacturer: TOSHIBA
Name: Toshiba Wireless LAN Mini PCI Card
PNP Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Service: wlluc48

==== System Restore Points ===================

RP1282: 6/3/2009 12:10:37 PM - Installed WebEx Event Manager for Internet Explorer
RP1283: 6/4/2009 2:58:16 PM - System Checkpoint
RP1284: 6/4/2009 10:43:00 PM - Software Distribution Service 3.0
RP1285: 6/5/2009 10:55:25 PM - System Checkpoint
RP1286: 6/7/2009 8:59:30 AM - System Checkpoint
RP1287: 6/8/2009 7:57:12 AM - Software Distribution Service 3.0
RP1288: 6/9/2009 10:46:25 AM - System Checkpoint
RP1289: 6/10/2009 4:15:38 PM - System Checkpoint
RP1290: 6/11/2009 4:24:45 PM - System Checkpoint
RP1291: 6/12/2009 4:59:40 PM - System Checkpoint
RP1292: 6/13/2009 7:07:51 PM - System Checkpoint
RP1293: 6/15/2009 7:38:56 AM - System Checkpoint
RP1294: 6/16/2009 9:36:21 AM - System Checkpoint
RP1295: 6/17/2009 2:06:08 PM - System Checkpoint
RP1296: 6/18/2009 3:50:26 PM - System Checkpoint
RP1297: 6/20/2009 12:40:48 PM - System Checkpoint
RP1298: 6/21/2009 11:51:48 AM - Installed Java(TM) 6 Update 14
RP1299: 6/23/2009 1:42:12 PM - System Checkpoint
RP1300: 6/24/2009 4:33:27 PM - System Checkpoint
RP1301: 6/25/2009 5:18:22 PM - System Checkpoint
RP1302: 6/26/2009 9:08:16 PM - System Checkpoint
RP1303: 6/27/2009 10:31:08 PM - System Checkpoint
RP1304: 6/29/2009 7:50:17 AM - System Checkpoint
RP1305: 6/30/2009 9:08:54 AM - System Checkpoint
RP1306: 7/1/2009 2:13:46 PM - System Checkpoint
RP1307: 7/2/2009 2:23:25 PM - System Checkpoint
RP1308: 7/3/2009 2:45:40 PM - System Checkpoint
RP1309: 7/4/2009 10:18:16 AM - Software Distribution Service 3.0
RP1310: 7/5/2009 11:03:18 AM - System Checkpoint
RP1311: 7/6/2009 12:49:07 PM - System Checkpoint
RP1312: 7/7/2009 4:00:02 PM - System Checkpoint
RP1313: 7/7/2009 11:46:35 PM - Installed YouSendIt Express
RP1314: 7/8/2009 3:06:52 PM - Software Distribution Service 3.0
RP1315: 7/9/2009 4:34:36 PM - System Checkpoint
RP1316: 7/10/2009 4:51:35 PM - System Checkpoint
RP1317: 7/11/2009 6:16:32 PM - System Checkpoint
RP1318: 7/12/2009 10:51:44 PM - System Checkpoint
RP1319: 7/14/2009 11:49:36 AM - System Checkpoint
RP1320: 7/15/2009 12:55:47 PM - System Checkpoint
RP1321: 7/16/2009 1:10:14 PM - System Checkpoint
RP1322: 7/17/2009 4:56:12 PM - System Checkpoint
RP1323: 7/18/2009 5:48:58 PM - System Checkpoint
RP1324: 7/19/2009 6:35:15 PM - System Checkpoint
RP1325: 8/5/2009 12:42:09 PM - Removed Microsoft Office Project Professional 2007 Trial
RP1326: 8/5/2009 12:47:48 PM - Removed PDFill PDF Editor with FREE PDF Writer and Tools
RP1327: 8/5/2009 12:48:20 PM - Removed QSE Level II 2009 MIDI Edition
RP1328: 8/5/2009 12:50:05 PM - Configured YouSendIt Express
RP1329: 8/10/2009 4:37:41 AM - System Checkpoint
RP1330: 8/10/2009 7:20:37 AM - Installed Nero BackItUp 2 Essentials
RP1331: 8/10/2009 4:59:44 PM - Software Distribution Service 3.0
RP1332: 8/11/2009 6:34:18 AM - Printer Driver Microsoft XPS Document Writer Installed
RP1333: 8/11/2009 4:32:37 PM - Installed YouSendIt Express
RP1334: 8/12/2009 6:52:41 AM - Removed Nero BackItUp 2 Essentials
RP1335: 8/12/2009 7:03:16 PM - Software Distribution Service 3.0
RP1336: 8/14/2009 8:31:12 AM - System Checkpoint
RP1337: 8/14/2009 1:51:23 PM - Software Distribution Service 3.0
RP1338: 8/15/2009 2:06:11 PM - Configured YouSendIt Express
RP1339: 8/16/2009 6:58:01 PM - System Checkpoint
RP1340: 8/17/2009 8:48:36 PM - System Checkpoint
RP1341: 8/19/2009 10:15:05 AM - Installed PDFill PDF Editor with FREE Writer and Free Tools
RP1342: 8/19/2009 10:15:26 AM - Printer Driver PDFill Writer Installed

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Audacity 1.2.6
AutoUpdate
Bluetooth Stack for Windows by Toshiba
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CLR Script 1.62
Compatibility Pack for the 2007 Office system
ContinuumClient
Copyist 8 Demo
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceManagementQFolder
Directory Printer 3.72
Directory Report
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocMgr
DocProc
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Dragon NaturallySpeaking 8
Edelweiss A320-214 Flotte
Edelweiss A330-243
EPSON Attach To Email
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Scan
ESET NOD32 Antivirus
Google Earth
GPL Ghostscript 8.64
Great Lakes Beech 1900D
GSview 4.9
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Document Manager 1.2
HP Imaging Device Functions 11.5
HP Officejet Pro K5300/5400 Series
HP Officejet Pro K550 Series
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HPPhotoSmartPhotobookWebPack1
Inno Setup version 5.1.8
Intel(R) PRO Ethernet Adapter and Software
IrfanView (remove only)
Java(TM) 6 Update 14
jZip
KDEN Denver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.8
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Identity Integration Server 2003 Resource Tool Kit
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft XML Parser
MightyFax
Misc
Mozilla Firefox (3.0.13)
MS PowerPoint Print Multiple Presentations Software 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Musicnotes Player
Musicnotes Software Suite 1.0
NeatReceipts Professional v2.7.5
neroxml
NetZoom
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Quick Backup
Pagis Viewer 2.0
PanoStandAlone
PDF Settings
PDFill PDF Editor with FREE Writer and Free Tools
PhotoScape
PSSWCORE
Quicken 2001 New User Edition
QuickTime
RealPlayer
RME DIGICheck
RME Hammerfall DSP (WDM)
RME HDSP Meter Bridge
samplitude 7.0 professional
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Short Empire for FSX or FS2004
Sibelius 5 Demo
Sibelius 5 First
Speak Clipboard
SpywareBlaster 4.2
Swiss VA A319 V3.0
T-Mobile Connection Manager
Toolbox
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Mobile Extension3 V3.19.00
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
Trader Workstation
Trader Workstation 4.0
TreeSize Professional 5.2.2
TTS_Technology
TWC User Controls
Tweak UI
TWS Interoperability Components
UGuide
Ultimate Traffic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VectorEye3
VideoToolkit01
Virtual Frontier (iFDG) Airbus A-319
Virtual FRONTIER iFDG Airbus A-319
Virtual Frontier Jet Express CRJ-700
Visual FoxPro 8.0 Baseline - English
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
WebEx Event Manager for Internet Explorer
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Hotkey
XML Paper Specification Shared Components Pack 1.0
Xpander
YAMAHA AC-XG WDM
YAMAHA XG SoftSynthesizer S-YXG50

==== Event Viewer Messages From Past Week ========

8/16/2009 8:44:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/15/2009 10:19:29 AM, error: System Error [1003] - Error code 000000ea, parameter1 86933020, parameter2 8703ada0, parameter3 86fe2138, parameter4 00000001.
8/14/2009 7:03:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/14/2009 12:30:53 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
8/13/2009 8:33:42 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

==== End Of File ===========================


2nd from DDR

DDS (Ver_09-07-30.01) - NTFSx86
Run by sje at 9:13:54.93 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\sje\Desktop\donwload\virus\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TosHKCW.exe] c:\program files\toshiba\wireless hotkey\TosHKCW.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SxgTkBar] SxgTkBar.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPWU_MPM_Agent] c:\program files\hp\hp officejet pro k550 series\toolbox\mpm.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV3.EXE /Logon
mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS3.EXE /logon
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HDSPTray1] hdsp32.exe
mRun: [HDSPTray2] hdspmix.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [T-Mobile Connection Manager] "c:\program files\t-mobile\connection manager\TMobileCM.exe" -a
mRun: [DropBoxUtility] "c:\program files\dropbox\dropbox\DropBox.exe" /s
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Uninstall Adobe Download Manager] "c:\docume~1\sje\locals~1\temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
StartupFolder: c:\docume~1\sje\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: ExSearchOptions = 170685 (0x29abd)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sje\applic~1\mozilla\firefox\profiles\s6e17ehr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-17 5802]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-2-5 34712]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2002-2-5 967040]
S1 AntiSpyFilter;AntiSpyFilter;c:\windows\system32\drivers\antispyfilter.sys --> c:\windows\system32\drivers\antispyfilter.sys [?]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;\??\c:\program files\ewido anti-spyware 4.0\guard.sys --> c:\program files\ewido anti-spyware 4.0\guard.sys [?]
S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [2007-12-6 15744]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [2007-8-15 42624]
S3 marsqx5;Digital Blue QX5 V2 Microscope;c:\windows\system32\drivers\marsqx5.sys [2008-4-24 72576]
S3 MouseCmn;Mouse Driver;c:\windows\system32\drivers\ms2kflt.sys --> c:\windows\system32\drivers\Ms2KFlt.sys [?]
S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]
S3 toslane;Toshiba BT-LANE;c:\windows\system32\drivers\tosrflan.sys [2002-2-7 25420]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe --> c:\program files\ewido anti-spyware 4.0\guard.exe [?]
S4 Tmesbs;Tmesbs3;c:\program files\toshiba\tme3\tmesbs3.exe [2006-5-17 61440]
S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV3.exe [2006-5-17 126976]

=============== Created Last 30 ================

2009-08-19 10:21 <DIR> --d----- c:\program files\PhotoScape
2009-08-19 10:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlotSoft
2009-08-17 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2009-08-17 12:09 <DIR> --d----- c:\program files\Musicnotes
2009-08-15 16:37 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-14 07:39 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-14 07:39 1,409 a------- c:\windows\QTFont.for
2009-08-13 09:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 09:57 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 07:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-10 17:15 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-10 17:13 <DIR> --d----- C:\19fc9924972343144f2e
2009-08-05 12:53 <DIR> --dsh--- c:\documents and settings\sje\IECompatCache
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-08 15:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-11 14:11 604 ac--h--- c:\program files\WSTLL Notifier
2009-01-27 19:42 2,672 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-27 19:42 88 -c-shr-- c:\docume~1\alluse~1\applic~1\F2E3A5E727.sys
2008-12-28 10:28 194 ac------ c:\documents and settings\sje\ie.bat
2006-10-25 21:14 50,313,659 ac------ c:\program files\QuickTimeInstallerX.dmg
2006-08-27 10:26 1,375 ac------ c:\program files\INSTALL.LOG
2006-03-19 08:20 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-14 09:05 61 -c-sh--- c:\windows\cnerolf.dat
2007-09-11 14:21 2 a--shrot c:\windows\winstart.bat
2002-07-31 19:55 108 -c-sh--- c:\windows\WSYS049.SYS
2009-01-25 13:56 88 ---shr-- c:\windows\system32\F2E3A5E727.sys
2009-01-25 13:56 952 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-28 20:45 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102820081029\index.dat

============= FINISH: 9:15:05.32 ===============

2nd end here

1st end here
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Post by jmw3 » August 20th, 2009, 7:42 pm

Hi
1. To clarify your directions, for GMER Rootkit. I unchecked the following "Sections" and "AT/EAT" and "Show All (don't miss this one)"

but there is no option for "Drives/Partition other than Systemdrive (typically C:\)"

The program does show "Devices"
Did you mean that I should uncheck "Devices"?
Thanks Steve
Untick any other drives other than your system drive which in your case is the C drive. Leave Devices checked.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: computer trouble

Post by computeruser » August 21st, 2009, 10:47 am

Hi
With msconfig, I disabled some strange looking programs. Should I enable these before running these scans, or will they show up anyway?
Steve
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Post by jmw3 » August 21st, 2009, 11:21 am

Hi
Leave them disabled & run the scans. But I'd like you to post the file names & paths for the processes you disabled.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: computer trouble

Post by computeruser » August 22nd, 2009, 12:20 pm

Hi

Included are logs from 1. GMER, 2. DDS, and 3. list of disabled services in msconfig.

1. GMER ran for about 14 hours; during that time I could see it running through a list of files. Eventually the list went away but it seemed like GMER might have still been running, not sure. How can I tell? I saved the log, then shut off the computer. Here is the log:
------ start GMER log
GMER 1.0.15.15077 [6t5xswop.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 01:22:47
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\a. Target pop\mmpop.doc 45568 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\a. Target pop\tpop.doc 67584 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\RP MMHS.doc 56832 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\trisk.doc 38400 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\h. Appendices\1. Quarterly report appendices\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\h. Appendices\2. Copies of instruments assessment\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\back2.gif 228 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\backtop.gif 313 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\blank.gif 43 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\CUSTHE~1.GIF 7466 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\MEMBER~1.GIF 607 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav1.gif 365 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav2.gif 1182 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav3.gif 396 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav4a.gif 307 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav5.gif 560 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav1.gif 261 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav2.gif 240 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav3.gif 424 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav4.gif 312 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav5.gif 223 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav7.gif 260 bytes
File C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\Contents\Resources\ru.lproj\Localizable.strings 0 bytes
File C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\Contents\Resources\ru.lproj\locversion.plist 0 bytes

---- EOF - GMER 1.0.15 ----
end GMER log===========================

2. D.D.S. continues to run throughout the day. Is there a way to turn it off?

2.a. the attach log
=====================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2005 10:19:22 PM
System Uptime: 8/19/2009 12:23:49 PM (21 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.60GHz | uFC-PGA Socket | 1594/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 8.234 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Wireless LAN Mini PCI Card
Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Manufacturer: TOSHIBA
Name: Toshiba Wireless LAN Mini PCI Card
PNP Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Service: wlluc48

==== System Restore Points ===================

RP1282: 6/3/2009 12:10:37 PM - Installed WebEx Event Manager for Internet Explorer
RP1283: 6/4/2009 2:58:16 PM - System Checkpoint
RP1284: 6/4/2009 10:43:00 PM - Software Distribution Service 3.0
RP1285: 6/5/2009 10:55:25 PM - System Checkpoint
RP1286: 6/7/2009 8:59:30 AM - System Checkpoint
RP1287: 6/8/2009 7:57:12 AM - Software Distribution Service 3.0
RP1288: 6/9/2009 10:46:25 AM - System Checkpoint
RP1289: 6/10/2009 4:15:38 PM - System Checkpoint
RP1290: 6/11/2009 4:24:45 PM - System Checkpoint
RP1291: 6/12/2009 4:59:40 PM - System Checkpoint
RP1292: 6/13/2009 7:07:51 PM - System Checkpoint
RP1293: 6/15/2009 7:38:56 AM - System Checkpoint
RP1294: 6/16/2009 9:36:21 AM - System Checkpoint
RP1295: 6/17/2009 2:06:08 PM - System Checkpoint
RP1296: 6/18/2009 3:50:26 PM - System Checkpoint
RP1297: 6/20/2009 12:40:48 PM - System Checkpoint
RP1298: 6/21/2009 11:51:48 AM - Installed Java(TM) 6 Update 14
RP1299: 6/23/2009 1:42:12 PM - System Checkpoint
RP1300: 6/24/2009 4:33:27 PM - System Checkpoint
RP1301: 6/25/2009 5:18:22 PM - System Checkpoint
RP1302: 6/26/2009 9:08:16 PM - System Checkpoint
RP1303: 6/27/2009 10:31:08 PM - System Checkpoint
RP1304: 6/29/2009 7:50:17 AM - System Checkpoint
RP1305: 6/30/2009 9:08:54 AM - System Checkpoint
RP1306: 7/1/2009 2:13:46 PM - System Checkpoint
RP1307: 7/2/2009 2:23:25 PM - System Checkpoint
RP1308: 7/3/2009 2:45:40 PM - System Checkpoint
RP1309: 7/4/2009 10:18:16 AM - Software Distribution Service 3.0
RP1310: 7/5/2009 11:03:18 AM - System Checkpoint
RP1311: 7/6/2009 12:49:07 PM - System Checkpoint
RP1312: 7/7/2009 4:00:02 PM - System Checkpoint
RP1313: 7/7/2009 11:46:35 PM - Installed YouSendIt Express
RP1314: 7/8/2009 3:06:52 PM - Software Distribution Service 3.0
RP1315: 7/9/2009 4:34:36 PM - System Checkpoint
RP1316: 7/10/2009 4:51:35 PM - System Checkpoint
RP1317: 7/11/2009 6:16:32 PM - System Checkpoint
RP1318: 7/12/2009 10:51:44 PM - System Checkpoint
RP1319: 7/14/2009 11:49:36 AM - System Checkpoint
RP1320: 7/15/2009 12:55:47 PM - System Checkpoint
RP1321: 7/16/2009 1:10:14 PM - System Checkpoint
RP1322: 7/17/2009 4:56:12 PM - System Checkpoint
RP1323: 7/18/2009 5:48:58 PM - System Checkpoint
RP1324: 7/19/2009 6:35:15 PM - System Checkpoint
RP1325: 8/5/2009 12:42:09 PM - Removed Microsoft Office Project Professional 2007 Trial
RP1326: 8/5/2009 12:47:48 PM - Removed PDFill PDF Editor with FREE PDF Writer and Tools
RP1327: 8/5/2009 12:48:20 PM - Removed QSE Level II 2009 MIDI Edition
RP1328: 8/5/2009 12:50:05 PM - Configured YouSendIt Express
RP1329: 8/10/2009 4:37:41 AM - System Checkpoint
RP1330: 8/10/2009 7:20:37 AM - Installed Nero BackItUp 2 Essentials
RP1331: 8/10/2009 4:59:44 PM - Software Distribution Service 3.0
RP1332: 8/11/2009 6:34:18 AM - Printer Driver Microsoft XPS Document Writer Installed
RP1333: 8/11/2009 4:32:37 PM - Installed YouSendIt Express
RP1334: 8/12/2009 6:52:41 AM - Removed Nero BackItUp 2 Essentials
RP1335: 8/12/2009 7:03:16 PM - Software Distribution Service 3.0
RP1336: 8/14/2009 8:31:12 AM - System Checkpoint
RP1337: 8/14/2009 1:51:23 PM - Software Distribution Service 3.0
RP1338: 8/15/2009 2:06:11 PM - Configured YouSendIt Express
RP1339: 8/16/2009 6:58:01 PM - System Checkpoint
RP1340: 8/17/2009 8:48:36 PM - System Checkpoint
RP1341: 8/19/2009 10:15:05 AM - Installed PDFill PDF Editor with FREE Writer and Free Tools
RP1342: 8/19/2009 10:15:26 AM - Printer Driver PDFill Writer Installed

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Audacity 1.2.6
AutoUpdate
Bluetooth Stack for Windows by Toshiba
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CLR Script 1.62
Compatibility Pack for the 2007 Office system
ContinuumClient
Copyist 8 Demo
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceManagementQFolder
Directory Printer 3.72
Directory Report
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocMgr
DocProc
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Dragon NaturallySpeaking 8
Edelweiss A320-214 Flotte
Edelweiss A330-243
EPSON Attach To Email
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Scan
ESET NOD32 Antivirus
Google Earth
GPL Ghostscript 8.64
Great Lakes Beech 1900D
GSview 4.9
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Document Manager 1.2
HP Imaging Device Functions 11.5
HP Officejet Pro K5300/5400 Series
HP Officejet Pro K550 Series
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HPPhotoSmartPhotobookWebPack1
Inno Setup version 5.1.8
Intel(R) PRO Ethernet Adapter and Software
IrfanView (remove only)
Java(TM) 6 Update 14
jZip
KDEN Denver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.8
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Identity Integration Server 2003 Resource Tool Kit
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft XML Parser
MightyFax
Misc
Mozilla Firefox (3.0.13)
MS PowerPoint Print Multiple Presentations Software 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Musicnotes Player
Musicnotes Software Suite 1.0
NeatReceipts Professional v2.7.5
neroxml
NetZoom
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Quick Backup
Pagis Viewer 2.0
PanoStandAlone
PDF Settings
PDFill PDF Editor with FREE Writer and Free Tools
PhotoScape
PSSWCORE
Quicken 2001 New User Edition
QuickTime
RealPlayer
RME DIGICheck
RME Hammerfall DSP (WDM)
RME HDSP Meter Bridge
samplitude 7.0 professional
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Short Empire for FSX or FS2004
Sibelius 5 Demo
Sibelius 5 First
Speak Clipboard
SpywareBlaster 4.2
Swiss VA A319 V3.0
T-Mobile Connection Manager
Toolbox
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Mobile Extension3 V3.19.00
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
Trader Workstation
Trader Workstation 4.0
TreeSize Professional 5.2.2
TTS_Technology
TWC User Controls
Tweak UI
TWS Interoperability Components
UGuide
Ultimate Traffic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VectorEye3
VideoToolkit01
Virtual Frontier (iFDG) Airbus A-319
Virtual FRONTIER iFDG Airbus A-319
Virtual Frontier Jet Express CRJ-700
Visual FoxPro 8.0 Baseline - English
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
WebEx Event Manager for Internet Explorer
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Hotkey
XML Paper Specification Shared Components Pack 1.0
Xpander
YAMAHA AC-XG WDM
YAMAHA XG SoftSynthesizer S-YXG50

==== Event Viewer Messages From Past Week ========

8/16/2009 8:44:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/15/2009 10:19:29 AM, error: System Error [1003] - Error code 000000ea, parameter1 86933020, parameter2 8703ada0, parameter3 86fe2138, parameter4 00000001.
8/14/2009 7:03:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/14/2009 12:30:53 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
8/13/2009 8:33:42 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

==== End Of File ===========================

2.B. the DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by sje at 9:13:54.93 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\sje\Desktop\donwload\virus\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TosHKCW.exe] c:\program files\toshiba\wireless hotkey\TosHKCW.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SxgTkBar] SxgTkBar.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPWU_MPM_Agent] c:\program files\hp\hp officejet pro k550 series\toolbox\mpm.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV3.EXE /Logon
mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS3.EXE /logon
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HDSPTray1] hdsp32.exe
mRun: [HDSPTray2] hdspmix.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [T-Mobile Connection Manager] "c:\program files\t-mobile\connection manager\TMobileCM.exe" -a
mRun: [DropBoxUtility] "c:\program files\dropbox\dropbox\DropBox.exe" /s
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Uninstall Adobe Download Manager] "c:\docume~1\sje\locals~1\temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
StartupFolder: c:\docume~1\sje\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: ExSearchOptions = 170685 (0x29abd)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sje\applic~1\mozilla\firefox\profiles\s6e17ehr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-17 5802]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-2-5 34712]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2002-2-5 967040]
S1 AntiSpyFilter;AntiSpyFilter;c:\windows\system32\drivers\antispyfilter.sys --> c:\windows\system32\drivers\antispyfilter.sys [?]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;\??\c:\program files\ewido anti-spyware 4.0\guard.sys --> c:\program files\ewido anti-spyware 4.0\guard.sys [?]
S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [2007-12-6 15744]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [2007-8-15 42624]
S3 marsqx5;Digital Blue QX5 V2 Microscope;c:\windows\system32\drivers\marsqx5.sys [2008-4-24 72576]
S3 MouseCmn;Mouse Driver;c:\windows\system32\drivers\ms2kflt.sys --> c:\windows\system32\drivers\Ms2KFlt.sys [?]
S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]
S3 toslane;Toshiba BT-LANE;c:\windows\system32\drivers\tosrflan.sys [2002-2-7 25420]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe --> c:\program files\ewido anti-spyware 4.0\guard.exe [?]
S4 Tmesbs;Tmesbs3;c:\program files\toshiba\tme3\tmesbs3.exe [2006-5-17 61440]
S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV3.exe [2006-5-17 126976]

=============== Created Last 30 ================

2009-08-19 10:21 <DIR> --d----- c:\program files\PhotoScape
2009-08-19 10:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlotSoft
2009-08-17 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2009-08-17 12:09 <DIR> --d----- c:\program files\Musicnotes
2009-08-15 16:37 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-14 07:39 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-14 07:39 1,409 a------- c:\windows\QTFont.for
2009-08-13 09:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 09:57 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 07:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-10 17:15 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-10 17:13 <DIR> --d----- C:\19fc9924972343144f2e
2009-08-05 12:53 <DIR> --dsh--- c:\documents and settings\sje\IECompatCache
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-08 15:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-11 14:11 604 ac--h--- c:\program files\WSTLL Notifier
2009-01-27 19:42 2,672 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-27 19:42 88 -c-shr-- c:\docume~1\alluse~1\applic~1\F2E3A5E727.sys
2008-12-28 10:28 194 ac------ c:\documents and settings\sje\ie.bat
2006-10-25 21:14 50,313,659 ac------ c:\program files\QuickTimeInstallerX.dmg
2006-08-27 10:26 1,375 ac------ c:\program files\INSTALL.LOG
2006-03-19 08:20 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-14 09:05 61 -c-sh--- c:\windows\cnerolf.dat
2007-09-11 14:21 2 a--shrot c:\windows\winstart.bat
2002-07-31 19:55 108 -c-sh--- c:\windows\WSYS049.SYS
2009-01-25 13:56 88 ---shr-- c:\windows\system32\F2E3A5E727.sys
2009-01-25 13:56 952 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-28 20:45 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102820081029\index.dat

============= FINISH: 9:15:05.32 ===============

3. the disabled services in msconfig, name and location
A1. Check for TWS Up
A2. C:\ks\WiseUpdt.exe IC SOFT WARE\Microsoft\Windows\CurrentVersion\Run
B1.DesktopWeather
b2. "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" “
C.1 iTunesHelper
c2. "C:\Program Files\iTunes\iTunesHelper.exe" “
d1. QAGENT
d2. C:\quickenw\QAGENT.EXE “
e1. SSBkgdupdate
e2. C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdup... “
f1. q Stock Spy Tray
f2. "C:\Program Files\Stock Spy\Stock Spy Tray.lnk" “
g1. YouSendlt
g2. C:\Program Files\YouSendlt\Express\YouSendlt.exe -ui none “
H1. OpenOffice.org 2.0
h2. C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe “
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Unread postby computeruser » August 22nd, 2009, 12:24 pm

Forgot to say that these are also stopped in msconfig:
Adobe LM Service--Unknown--Stopped
FLEXnet Licensing Service--Unknown--Stopped
InstallDriver Table Mana...--Unknown--Stopped
NMlndexingService--Unknown--Stopped
ProtexisLicensing--Unknown--Stopped
Tmesbs3--Unknown--Stopped
Tmesrv3--Unknown--Stopped
Windows CardSpace--Unknown--Stopped
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Unread postby computeruser » August 22nd, 2009, 4:09 pm

My computer display has horizontal bars and vertical ones, and will only boot in low resolution. I also see that DDS keeps running. Is it supposed to do this? How do I stop it? Something keeps running on the hard drive??
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Unread postby jmw3 » August 22nd, 2009, 11:01 pm

Hi
Looking over your logs, I don't think your problems are malware related. If anything, I think you have a problem with your graphics card. This is from your Attach log:
8/14/2009 12:30:53 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

To check the status of your graphics card do this:
  • Click Start>>Run. In the run box copy/paste devmgmt.msc then click OK
  • Click the small + next to Display adapters to extend the list
  • Have a look for any exclamation or question marks next to any items listed

Let me know how you get on.

All of the services you stopped are legit by the way. If you don't use them you should set them to Manual.

"I also see that DDS keeps running."
Try closing it in Task Manager. Open Task Manager by holding down Control+Alt+Delete at the same time, then choose Task Manager. Under Applications, highlight DDS, then click End Task.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
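
The reply above picks the nv4_disp error out of the log's Event Viewer section by eye. As an added example (not part of the original thread, and not how DDS itself works), this Python sketch parses that section and counts errors per source and event ID; the function names are hypothetical and the sample lines are copied from the log with their messages abridged.

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple

class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str

# "<date> <time> AM|PM, <level>: <source> [<id>] - <message>"; the source may contain spaces.
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)

def parse_events(text):
    """Return the events found inside the Event Viewer section only, oldest first."""
    events, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("===="):  # every "====" banner opens or closes a section
            in_section = "Event Viewer Messages" in line
            continue
        m = EVENT_RE.match(line) if in_section else None
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            events.append(Event(when, m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return sorted(events, key=lambda e: e.when)

def summarize(events):
    """(source, event_id, count) rows, most frequent first, then by source name."""
    counts = Counter((e.source, e.event_id) for e in events)
    return sorted(((s, i, n) for (s, i), n in counts.items()), key=lambda r: (-r[2], r[0]))

# Sample input: lines from the attach log on this page, messages abridged ("...").
SAMPLE = r"""
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/16/2009 8:44:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 ... has been denied by the DHCP server 192.168.1.1
8/15/2009 10:19:29 AM, error: System Error [1003] - Error code 000000ea, parameter1 86933020, ...
8/14/2009 7:03:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 ... has been denied by the DHCP server 192.168.1.1
8/14/2009 12:30:53 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop.
8/13/2009 8:33:42 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

==== End Of File ===========================
"""

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for e in parsed:
        print(e.when.isoformat(), e.source, e.event_id, e.message[:60])
    for source, event_id, count in summarize(parsed):
        print(f"{count}x {source} [{event_id}]")
```

Sorting by timestamp matters here because the log does not list its entries in strict time order.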

Re: computer trouble

Unread postby computeruser » August 23rd, 2009, 12:30 am

Hi
In Device Manager, I updated the video driver, but now I have vertical yellow and white bands on my screen, at low resolution. So it sounds like I need a new graphics card and/or display.

Re D.D.S, I could not find it in Task Manager, nor could I find it as a service. It just would pop up repeatedly. Maybe every 15 minutes, as if on a timer. But it has now stopped. Don't know why. There is something going on, the hard drive keeps turning, and in Task Manager, under Performance, the meter keeps showing activity. The whole screen flickers about 1 per second. Could the graphics card be causing this?

Thanks so much
Steve
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: computer trouble

Unread postby jmw3 » August 23rd, 2009, 1:11 am

Hi

"So it sounds like I need a new graphics card and/or display"
Quite possibly. As this is a dedicated Malware Removal site & my expertise lies in that field, I think your best course of action would be to visit a tech support site or even a computer repair shop.
Some excellent tech sites can be found here:
TechSupportForum
What the Tech
Tech Support Guy

Let me know what you decide.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: computer trouble

Unread postby chryssi2001 » August 27th, 2009, 11:41 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away