Hi
Included are logs from 1. GMER, 2. DDS, and 3. list of disabled services in msconfig.
1. GMER ran for about 14 hours; during that time I could see it running through a list of files. Eventually the list went away, but it seemed like GMER might have still been running, not sure. How can I tell? I saved the log, then shut off the computer. Here is the log:
------ start GMER log
GMER 1.0.15.15077 [6t5xswop.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 01:22:47
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\a. Target pop\mmpop.doc 45568 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\a. Target pop\tpop.doc 67584 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\RP MMHS.doc 56832 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\b. Overview devel\1 state prob\b. use and risk prot\trisk.doc 38400 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\h. Appendices\1. Quarterly report appendices\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\tribes\Jamul\development\chart of jamul\club drug\reports\progress report guidelines and blanks\annual report 04 05\Part 2 study report pages numbered starting with 1\h. Appendices\2. Copies of instruments assessment\filler.txt 6 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\back2.gif 228 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\backtop.gif 313 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\blank.gif 43 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\CUSTHE~1.GIF 7466 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\MEMBER~1.GIF 607 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav1.gif 365 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav2.gif 1182 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav3.gif 396 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav4a.gif 307 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\midnav5.gif 560 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav1.gif 261 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav2.gif 240 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav3.gif 424 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav4.gif 312 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav5.gif 223 bytes
File C:\Documents and Settings\sje\Desktop\tribes\individual grants\apply\grant list\check into\smoke NACCHO - Tobacco Prevention and Control Project !--img src=images-blank_gif width=153 height=1 border=0 alt=font size=1 color=#ff0000Updated on 08-24-2003-font--_files\topnav7.gif 260 bytes
File C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\Contents\Resources\ru.lproj\Localizable.strings 0 bytes
File C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\Contents\Resources\ru.lproj\locversion.plist 0 bytes
---- EOF - GMER 1.0.15 ----
------ end GMER log
2. D.D.S. continues to run throughout the day. Is there a way to turn it off?
2.a. the attach log
=====================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2005 10:19:22 PM
System Uptime: 8/19/2009 12:23:49 PM (21 hours ago)
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.60GHz | uFC-PGA Socket | 1594/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 56 GiB total, 8.234 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Wireless LAN Mini PCI Card
Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Manufacturer: TOSHIBA
Name: Toshiba Wireless LAN Mini PCI Card
PNP Device ID: PCMCIA\TOSHIBA-WIRELESS_LAN_CARD-E5D7\1
Service: wlluc48
==== System Restore Points ===================
RP1282: 6/3/2009 12:10:37 PM - Installed WebEx Event Manager for Internet Explorer
RP1283: 6/4/2009 2:58:16 PM - System Checkpoint
RP1284: 6/4/2009 10:43:00 PM - Software Distribution Service 3.0
RP1285: 6/5/2009 10:55:25 PM - System Checkpoint
RP1286: 6/7/2009 8:59:30 AM - System Checkpoint
RP1287: 6/8/2009 7:57:12 AM - Software Distribution Service 3.0
RP1288: 6/9/2009 10:46:25 AM - System Checkpoint
RP1289: 6/10/2009 4:15:38 PM - System Checkpoint
RP1290: 6/11/2009 4:24:45 PM - System Checkpoint
RP1291: 6/12/2009 4:59:40 PM - System Checkpoint
RP1292: 6/13/2009 7:07:51 PM - System Checkpoint
RP1293: 6/15/2009 7:38:56 AM - System Checkpoint
RP1294: 6/16/2009 9:36:21 AM - System Checkpoint
RP1295: 6/17/2009 2:06:08 PM - System Checkpoint
RP1296: 6/18/2009 3:50:26 PM - System Checkpoint
RP1297: 6/20/2009 12:40:48 PM - System Checkpoint
RP1298: 6/21/2009 11:51:48 AM - Installed Java(TM) 6 Update 14
RP1299: 6/23/2009 1:42:12 PM - System Checkpoint
RP1300: 6/24/2009 4:33:27 PM - System Checkpoint
RP1301: 6/25/2009 5:18:22 PM - System Checkpoint
RP1302: 6/26/2009 9:08:16 PM - System Checkpoint
RP1303: 6/27/2009 10:31:08 PM - System Checkpoint
RP1304: 6/29/2009 7:50:17 AM - System Checkpoint
RP1305: 6/30/2009 9:08:54 AM - System Checkpoint
RP1306: 7/1/2009 2:13:46 PM - System Checkpoint
RP1307: 7/2/2009 2:23:25 PM - System Checkpoint
RP1308: 7/3/2009 2:45:40 PM - System Checkpoint
RP1309: 7/4/2009 10:18:16 AM - Software Distribution Service 3.0
RP1310: 7/5/2009 11:03:18 AM - System Checkpoint
RP1311: 7/6/2009 12:49:07 PM - System Checkpoint
RP1312: 7/7/2009 4:00:02 PM - System Checkpoint
RP1313: 7/7/2009 11:46:35 PM - Installed YouSendIt Express
RP1314: 7/8/2009 3:06:52 PM - Software Distribution Service 3.0
RP1315: 7/9/2009 4:34:36 PM - System Checkpoint
RP1316: 7/10/2009 4:51:35 PM - System Checkpoint
RP1317: 7/11/2009 6:16:32 PM - System Checkpoint
RP1318: 7/12/2009 10:51:44 PM - System Checkpoint
RP1319: 7/14/2009 11:49:36 AM - System Checkpoint
RP1320: 7/15/2009 12:55:47 PM - System Checkpoint
RP1321: 7/16/2009 1:10:14 PM - System Checkpoint
RP1322: 7/17/2009 4:56:12 PM - System Checkpoint
RP1323: 7/18/2009 5:48:58 PM - System Checkpoint
RP1324: 7/19/2009 6:35:15 PM - System Checkpoint
RP1325: 8/5/2009 12:42:09 PM - Removed Microsoft Office Project Professional 2007 Trial
RP1326: 8/5/2009 12:47:48 PM - Removed PDFill PDF Editor with FREE PDF Writer and Tools
RP1327: 8/5/2009 12:48:20 PM - Removed QSE Level II 2009 MIDI Edition
RP1328: 8/5/2009 12:50:05 PM - Configured YouSendIt Express
RP1329: 8/10/2009 4:37:41 AM - System Checkpoint
RP1330: 8/10/2009 7:20:37 AM - Installed Nero BackItUp 2 Essentials
RP1331: 8/10/2009 4:59:44 PM - Software Distribution Service 3.0
RP1332: 8/11/2009 6:34:18 AM - Printer Driver Microsoft XPS Document Writer Installed
RP1333: 8/11/2009 4:32:37 PM - Installed YouSendIt Express
RP1334: 8/12/2009 6:52:41 AM - Removed Nero BackItUp 2 Essentials
RP1335: 8/12/2009 7:03:16 PM - Software Distribution Service 3.0
RP1336: 8/14/2009 8:31:12 AM - System Checkpoint
RP1337: 8/14/2009 1:51:23 PM - Software Distribution Service 3.0
RP1338: 8/15/2009 2:06:11 PM - Configured YouSendIt Express
RP1339: 8/16/2009 6:58:01 PM - System Checkpoint
RP1340: 8/17/2009 8:48:36 PM - System Checkpoint
RP1341: 8/19/2009 10:15:05 AM - Installed PDFill PDF Editor with FREE Writer and Free Tools
RP1342: 8/19/2009 10:15:26 AM - Printer Driver PDFill Writer Installed
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Audacity 1.2.6
AutoUpdate
Bluetooth Stack for Windows by Toshiba
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CLR Script 1.62
Compatibility Pack for the 2007 Office system
ContinuumClient
Copyist 8 Demo
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceManagementQFolder
Directory Printer 3.72
Directory Report
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocMgr
DocProc
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Dragon NaturallySpeaking 8
Edelweiss A320-214 Flotte
Edelweiss A330-243
EPSON Attach To Email
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Scan
ESET NOD32 Antivirus
Google Earth
GPL Ghostscript 8.64
Great Lakes Beech 1900D
GSview 4.9
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Document Manager 1.2
HP Imaging Device Functions 11.5
HP Officejet Pro K5300/5400 Series
HP Officejet Pro K550 Series
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HPPhotoSmartPhotobookWebPack1
Inno Setup version 5.1.8
Intel(R) PRO Ethernet Adapter and Software
IrfanView (remove only)
Java(TM) 6 Update 14
jZip
KDEN Denver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.8
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Identity Integration Server 2003 Resource Tool Kit
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft XML Parser
MightyFax
Misc
Mozilla Firefox (3.0.13)
MS PowerPoint Print Multiple Presentations Software 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Musicnotes Player
Musicnotes Software Suite 1.0
NeatReceipts Professional v2.7.5
neroxml
NetZoom
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Quick Backup
Pagis Viewer 2.0
PanoStandAlone
PDF Settings
PDFill PDF Editor with FREE Writer and Free Tools
PhotoScape
PSSWCORE
Quicken 2001 New User Edition
QuickTime
RealPlayer
RME DIGICheck
RME Hammerfall DSP (WDM)
RME HDSP Meter Bridge
samplitude 7.0 professional
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Short Empire for FSX or FS2004
Sibelius 5 Demo
Sibelius 5 First
Speak Clipboard
SpywareBlaster 4.2
Swiss VA A319 V3.0
T-Mobile Connection Manager
Toolbox
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Mobile Extension3 V3.19.00
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
Trader Workstation
Trader Workstation 4.0
TreeSize Professional 5.2.2
TTS_Technology
TWC User Controls
Tweak UI
TWS Interoperability Components
UGuide
Ultimate Traffic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VectorEye3
VideoToolkit01
Virtual Frontier (iFDG) Airbus A-319
Virtual FRONTIER iFDG Airbus A-319
Virtual Frontier Jet Express CRJ-700
Visual FoxPro 8.0 Baseline - English
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
WebEx Event Manager for Internet Explorer
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Hotkey
XML Paper Specification Shared Components Pack 1.0
Xpander
YAMAHA AC-XG WDM
YAMAHA XG SoftSynthesizer S-YXG50
==== Event Viewer Messages From Past Week ========
8/16/2009 8:44:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/15/2009 10:19:29 AM, error: System Error [1003] - Error code 000000ea, parameter1 86933020, parameter2 8703ada0, parameter3 86fe2138, parameter4 00000001.
8/14/2009 7:03:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/14/2009 12:30:53 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
8/13/2009 8:33:42 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down
==== End Of File ===========================
2.B. the DDS log
DDS (Ver_09-07-30.01) - NTFSx86
Run by sje at 9:13:54.93 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -7:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\sje\Desktop\donwload\virus\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TosHKCW.exe] c:\program files\toshiba\wireless hotkey\TosHKCW.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SxgTkBar] SxgTkBar.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPWU_MPM_Agent] c:\program files\hp\hp officejet pro k550 series\toolbox\mpm.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV3.EXE /Logon
mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS3.EXE /logon
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HDSPTray1] hdsp32.exe
mRun: [HDSPTray2] hdspmix.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [T-Mobile Connection Manager] "c:\program files\t-mobile\connection manager\TMobileCM.exe" -a
mRun: [DropBoxUtility] "c:\program files\dropbox\dropbox\DropBox.exe" /s
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Uninstall Adobe Download Manager] "c:\docume~1\sje\locals~1\temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
StartupFolder: c:\docume~1\sje\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: ExSearchOptions = 170685 (0x29abd)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sje\applic~1\mozilla\firefox\profiles\s6e17ehr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-17 5802]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-2-5 34712]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2002-2-5 967040]
S1 AntiSpyFilter;AntiSpyFilter;c:\windows\system32\drivers\antispyfilter.sys --> c:\windows\system32\drivers\antispyfilter.sys [?]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;\??\c:\program files\ewido anti-spyware 4.0\guard.sys --> c:\program files\ewido anti-spyware 4.0\guard.sys [?]
S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [2007-12-6 15744]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [2007-8-15 42624]
S3 marsqx5;Digital Blue QX5 V2 Microscope;c:\windows\system32\drivers\marsqx5.sys [2008-4-24 72576]
S3 MouseCmn;Mouse Driver;c:\windows\system32\drivers\ms2kflt.sys --> c:\windows\system32\drivers\Ms2KFlt.sys [?]
S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]
S3 toslane;Toshiba BT-LANE;c:\windows\system32\drivers\tosrflan.sys [2002-2-7 25420]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe --> c:\program files\ewido anti-spyware 4.0\guard.exe [?]
S4 Tmesbs;Tmesbs3;c:\program files\toshiba\tme3\tmesbs3.exe [2006-5-17 61440]
S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV3.exe [2006-5-17 126976]
=============== Created Last 30 ================
2009-08-19 10:21 <DIR> --d----- c:\program files\PhotoScape
2009-08-19 10:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlotSoft
2009-08-17 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2009-08-17 12:09 <DIR> --d----- c:\program files\Musicnotes
2009-08-15 16:37 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-14 07:39 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-14 07:39 1,409 a------- c:\windows\QTFont.for
2009-08-13 09:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 09:57 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 07:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-10 17:15 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-10 17:13 <DIR> --d----- C:\19fc9924972343144f2e
2009-08-05 12:53 <DIR> --dsh--- c:\documents and settings\sje\IECompatCache
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
==================== Find3M ====================
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-08 15:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-11 14:11 604 ac--h--- c:\program files\WSTLL Notifier
2009-01-27 19:42 2,672 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-27 19:42 88 -c-shr-- c:\docume~1\alluse~1\applic~1\F2E3A5E727.sys
2008-12-28 10:28 194 ac------ c:\documents and settings\sje\ie.bat
2006-10-25 21:14 50,313,659 ac------ c:\program files\QuickTimeInstallerX.dmg
2006-08-27 10:26 1,375 ac------ c:\program files\INSTALL.LOG
2006-03-19 08:20 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-14 09:05 61 -c-sh--- c:\windows\cnerolf.dat
2007-09-11 14:21 2 a--shrot c:\windows\winstart.bat
2002-07-31 19:55 108 -c-sh--- c:\windows\WSYS049.SYS
2009-01-25 13:56 88 ---shr-- c:\windows\system32\F2E3A5E727.sys
2009-01-25 13:56 952 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-28 20:45 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102820081029\index.dat
============= FINISH: 9:15:05.32 ===============
3. the disabled services in msconfig, name and location
A1. Check for TWS Up
A2. C:\ks\WiseUpdt.exe IC SOFT WARE\Microsoft\Windows\CurrentVersion\Run
B1. DesktopWeather
b2. "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" “
C1. iTunesHelper
c2. "C:\Program Files\iTunes\iTunesHelper.exe" “
d1. QAGENT
d2. C:\quickenw\QAGENT.EXE “
e1. SSBkgdupdate
e2. C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdup... “
f1. q Stock Spy Tray
f2. "C:\Program Files\Stock Spy\Stock Spy Tray.lnk" “
g1. YouSendlt
g2. C:\Program Files\YouSendlt\Express\YouSendlt.exe -ui none “
H1. OpenOffice.org 2.0
h2. C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe “