Old 12-07-2008, 08:26 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


gateway solo sound and antivirus 2009 issues

DDS (Version 1.0) - NTFSx86
Run by marques123 at 9:18:51.44 on Sun 12/07/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.287.105 [GMT -5:00]

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\atievxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\marques123\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\d:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-4 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"d:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-4 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"d:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-4 151297]
R3 avgntflt;avgntflt;\??\d:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-4 52032]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;d:\windows\system32\drivers\EL556ND5.sys [2008-12-1 55999]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;d:\windows\system32\drivers\WDHAALBA.sys [2008-12-1 701386]

=============== Created Last 30 ================

2008-12-07 09:01 266,088 a------- d:\windows\system32\xactengine2_8.dll
2008-12-07 09:01 17,928 a------- d:\windows\system32\X3DAudio1_2.dll
2008-12-07 09:01 1,124,720 a------- d:\windows\system32\D3DCompiler_34.dll
2008-12-07 09:01 443,752 a------- d:\windows\system32\d3dx10_34.dll
2008-12-07 09:01 3,497,832 a------- d:\windows\system32\d3dx9_34.dll
2008-12-07 09:01 261,480 a------- d:\windows\system32\xactengine2_7.dll
2008-12-07 09:01 443,752 a------- d:\windows\system32\d3dx10_33.dll
2008-12-07 09:01 1,123,696 a------- d:\windows\system32\D3DCompiler_33.dll
2008-12-07 09:01 3,495,784 a------- d:\windows\system32\d3dx9_33.dll
2008-12-07 09:01 255,848 a------- d:\windows\system32\xactengine2_6.dll
2008-12-07 08:59 <DIR> --d-h--- d:\windows\msdownld.tmp
2008-12-07 08:59 <DIR> --d----- d:\windows\Logs
2008-12-06 19:22 <DIR> --d----- d:\program files\DivX
2008-12-06 17:56 <DIR> --d----- d:\docume~1\marque~1\applic~1\RegTool
2008-12-06 16:40 36,480 ac------ d:\windows\system32\dllcache\sfmanm.sys
2008-12-06 16:11 146,048 ac------ d:\windows\system32\dllcache\portcls.sys
2008-12-06 16:11 4,096 ac------ d:\windows\system32\dllcache\ksuser.dll
2008-12-06 16:11 146,048 a------- d:\windows\system32\drivers\portcls.sys
2008-12-06 16:11 4,096 a------- d:\windows\system32\ksuser.dll
2008-12-06 16:11 129,536 ac------ d:\windows\system32\dllcache\ksproxy.ax
2008-12-06 16:11 129,536 a------- d:\windows\system32\ksproxy.ax
2008-12-06 16:11 60,160 ac------ d:\windows\system32\dllcache\drmk.sys
2008-12-06 16:11 60,160 a------- d:\windows\system32\drivers\drmk.sys
2008-12-06 15:49 2,278 a------- d:\windows\system32\unins000.dat
2008-12-06 15:49 <DIR> --d----- D:\pnp
2008-12-06 15:32 <DIR> --d----- d:\docume~1\marque~1\applic~1\Uniblue
2008-12-06 15:28 8,704 ac------ d:\windows\system32\dllcache\kbdjpn.dll
2008-12-06 15:28 8,192 ac------ d:\windows\system32\dllcache\kbdkor.dll
2008-12-06 15:28 6,144 ac------ d:\windows\system32\dllcache\kbd101c.dll
2008-12-06 15:28 5,632 ac------ d:\windows\system32\dllcache\kbd103.dll
2008-12-06 15:28 8,704 a------- d:\windows\system32\kbdjpn.dll
2008-12-06 15:28 8,192 a------- d:\windows\system32\kbdkor.dll
2008-12-06 15:28 6,144 a------- d:\windows\system32\kbd101c.dll
2008-12-06 15:28 5,632 a------- d:\windows\system32\kbd103.dll
2008-12-06 15:28 6,144 ac------ d:\windows\system32\dllcache\kbd101b.dll
2008-12-06 15:28 6,144 a------- d:\windows\system32\kbd101b.dll
2008-12-06 15:28 6,144 ac------ d:\windows\system32\dllcache\kbd106.dll
2008-12-06 15:28 6,144 a------- d:\windows\system32\kbd106.dll
2008-12-06 14:33 <DIR> --d----- d:\program files\Trend Micro
2008-12-06 00:05 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2008-12-06 00:05 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-05 23:55 <DIR> --d----- d:\windows\pss
2008-12-05 22:37 4,122,368 a----r-- d:\windows\system32\drivers\alcxwdm.sys
2008-12-05 22:37 577,536 a------- d:\windows\soundman.exe
2008-12-05 22:37 147,456 a------- d:\windows\system32\RtlCPAPI.dll
2008-12-05 22:37 49,152 a------- d:\windows\system32\ChCfg.exe
2008-12-05 22:37 10,528,768 a------- d:\windows\system32\RTLCPL.exe
2008-12-05 22:37 141,016 a------- d:\windows\system32\alsndmgr.wav
2008-12-05 22:37 18,804,736 a------- d:\windows\system32\alsndmgr.cpl
2008-12-05 22:25 <DIR> --d----- d:\program files\Realtek AC97
2008-12-05 22:25 315,392 a------- d:\windows\alcupd.exe
2008-12-05 22:25 217,088 a------- d:\windows\alcrmv.exe
2008-12-04 19:57 <DIR> --d----- d:\program files\Avira
2008-12-04 19:57 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avira
2008-12-04 18:54 268,648 a------- d:\windows\system32\mucltui.dll
2008-12-04 18:54 27,496 a------- d:\windows\system32\mucltui.dll.mui
2008-12-04 18:46 <DIR> --d----- d:\program files\Gateway
2008-12-04 02:05 <DIR> --d----- d:\windows\system32\scripting
2008-12-04 02:05 <DIR> --d----- d:\windows\l2schemas
2008-12-04 02:05 <DIR> --d----- d:\windows\system32\en
2008-12-04 02:05 <DIR> --d----- d:\windows\system32\bits
2008-12-04 02:00 <DIR> --d----- d:\windows\ServicePackFiles
2008-12-04 01:53 <DIR> --d----- d:\windows\system32\ReinstallBackups
2008-12-04 01:47 <DIR> --d----- d:\windows\EHome
2008-12-03 20:59 459,264 -c------ d:\windows\system32\dllcache\msfeeds.dll
2008-12-03 20:59 52,224 -c------ d:\windows\system32\dllcache\msfeedsbs.dll
2008-12-03 20:59 991,232 -c------ d:\windows\system32\dllcache\ieframe.dll.mui
2008-12-03 20:59 267,776 -c------ d:\windows\system32\dllcache\iertutil.dll
2008-12-03 20:59 13,824 -c------ d:\windows\system32\dllcache\ieudinit.exe
2008-12-03 20:59 6,066,176 -c------ d:\windows\system32\dllcache\ieframe.dll
2008-12-03 20:59 383,488 -c------ d:\windows\system32\dllcache\ieapfltr.dll
2008-12-03 20:59 2,455,488 -c------ d:\windows\system32\dllcache\ieapfltr.dat
2008-12-03 20:59 63,488 -c------ d:\windows\system32\dllcache\icardie.dll
2008-12-03 20:53 <DIR> --d----- d:\windows\network diagnostic
2008-12-03 20:18 1,897,408 -------- d:\windows\system32\drivers\nv4_mini.sys
2008-12-03 20:17 381,425 -c------ d:\windows\system32\dllcache\copycd.wmv
2008-12-03 20:17 129,045 -------- d:\windows\system32\drivers\cxthsfs2.cty
2008-12-03 20:17 9,585 -c------ d:\windows\system32\dllcache\controls.css
2008-12-03 20:17 8,298 -c------ d:\windows\system32\dllcache\contents.htm
2008-12-03 20:17 6,878 -c------ d:\windows\system32\dllcache\controls.js
2008-12-03 20:17 773 -c------ d:\windows\system32\dllcache\cnth.gif
2008-12-03 20:17 773 -c------ d:\windows\system32\dllcache\cnt.gif
2008-12-03 20:17 772 -c------ d:\windows\system32\dllcache\cntd.gif
2008-12-03 20:17 760 -c------ d:\windows\system32\dllcache\cloapph.gif
2008-12-03 20:17 717 -c------ d:\windows\system32\dllcache\cloapp.gif
2008-12-03 20:17 999 -c------ d:\windows\system32\dllcache\bktrh.gif
2008-12-03 20:08 <DIR> --dsh--- d:\documents and settings\marques123\UserData
2008-12-03 19:47 272,128 -c------ d:\windows\system32\dllcache\bthport.sys
2008-12-03 19:47 272,128 -------- d:\windows\system32\drivers\bthport.sys
2008-12-03 19:46 138,496 -c------ d:\windows\system32\dllcache\afd.sys
2008-12-03 19:46 333,824 -c------ d:\windows\system32\dllcache\srv.sys
2008-12-03 19:44 1,846,400 -c------ d:\windows\system32\dllcache\win32k.sys
2008-12-03 19:44 2,145,280 -c------ d:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-03 19:44 2,189,184 -c------ d:\windows\system32\dllcache\ntoskrnl.exe
2008-12-03 19:44 2,023,936 -c------ d:\windows\system32\dllcache\ntkrpamp.exe
2008-12-03 19:43 2,066,048 -c------ d:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-03 19:43 203,136 -c------ d:\windows\system32\dllcache\rmcast.sys
2008-12-03 19:43 455,296 -c------ d:\windows\system32\dllcache\mrxsmb.sys
2008-12-03 19:42 691,712 -c------ d:\windows\system32\dllcache\inetcomm.dll
2008-12-03 19:42 337,408 -c------ d:\windows\system32\dllcache\netapi32.dll
2008-12-03 19:40 <DIR> --d----- d:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2008-12-03 19:38 13,734 a------- d:\windows\system32\wpa.bak
2008-12-03 19:37 <DIR> --d----- d:\windows\system32\PreInstall
2008-12-03 19:37 26,488 a------- d:\windows\system32\spupdsvc.exe
2008-12-03 19:20 <DIR> --d----- d:\windows\system32\SoftwareDistribution
2008-12-02 19:46 74,703 a------- d:\windows\system32\mfc45.dll
2008-12-02 19:46 <DIR> --d----- d:\docume~1\marque~1\applic~1\iolo
2008-12-02 19:46 <DIR> --d----- d:\docume~1\alluse~1\applic~1\iolo
2008-12-01 23:03 251,672 a------- d:\windows\system32\xactengine2_5.dll
2008-12-01 23:03 3,426,072 a------- d:\windows\system32\d3dx9_32.dll
2008-12-01 21:42 <DIR> --d----- d:\program files\Xtreme Sound Setup Files
2008-12-01 21:41 <DIR> --d----- d:\program files\WCPUID
2008-12-01 21:30 <DIR> --d----- d:\program files\WinDVD Setup Files
2008-12-01 21:29 <DIR> --d----- d:\windows\Profiles
2008-12-01 21:29 <DIR> --d----- d:\windows\system32\Adobe
2008-12-01 21:28 306,688 a------- d:\windows\IsUninst.exe
2008-12-01 21:25 <DIR> --d----- d:\documents and settings\marques123
2008-12-01 21:17 <DIR> --ds---- d:\windows\system32\Microsoft
2008-12-01 21:17 8,192 a------- d:\windows\REGLOCS.OLD
2008-12-01 21:14 101,376 ac------ d:\windows\system32\dllcache\srusbusd.dll
2008-12-01 21:13 229,439 ac------ d:\windows\system32\dllcache\multibox.dll
2008-12-01 21:12 10,129,408 ac------ d:\windows\system32\dllcache\hwxkor.dll
2008-12-01 21:11 57,399 ac------ d:\windows\system32\dllcache\cplexe.exe
2008-12-01 21:10 <DIR> --d----- d:\windows\system32\xircom
2008-12-01 21:09 2,577 a------- d:\windows\system32\CONFIG.NT
2008-12-01 21:09 0 a------- d:\windows\control.ini
2008-12-01 21:09 23,392 a------- d:\windows\system32\nscompat.tlb
2008-12-01 21:09 16,832 a------- d:\windows\system32\amcompat.tlb
2008-12-01 21:09 316,640 a------- d:\windows\WMSysPr9.prx
2008-12-01 21:07 <DIR> --dsh--- d:\documents and settings\all users\DRM
2008-12-01 21:06 488 a---hr-- d:\windows\system32\WindowsLogon.manifest
2008-12-01 21:06 488 a---hr-- d:\windows\system32\logonui.exe.manifest
2008-12-01 21:06 <DIR> --ds---- d:\windows\Downloaded Program Files
2008-12-01 21:06 <DIR> --d--r-- d:\windows\Offline Web Pages
2008-12-01 21:06 749 a---hr-- d:\windows\WindowsShell.Manifest
2008-12-01 21:06 749 a---hr-- d:\windows\system32\wuaucpl.cpl.manifest
2008-12-01 21:06 749 a---hr-- d:\windows\system32\sapi.cpl.manifest
2008-12-01 21:06 749 a---hr-- d:\windows\system32\nwc.cpl.manifest
2008-12-01 21:06 749 a---hr-- d:\windows\system32\ncpa.cpl.manifest
2008-12-01 21:06 749 a---hr-- d:\windows\system32\cdplayer.exe.manifest
2008-12-01 21:06 <DIR> --d-h--- d:\program files\WindowsUpdate
2008-12-01 21:05 4,399,505 ac------ d:\windows\system32\dllcache\nls302en.lex
2008-12-01 21:05 <DIR> --d----- d:\windows\system32\DirectX
2008-12-01 21:04 <DIR> --d----- d:\program files\common files\MSSoap
2008-12-01 21:01 <DIR> --d----- d:\program files\Online Services
2008-12-01 21:01 <DIR> --d----- d:\program files\Messenger
2008-12-01 21:01 <DIR> --d----- d:\program files\MSN Gaming Zone
2008-12-01 21:00 <DIR> --d----- d:\program files\Windows NT
2008-12-01 15:48 <DIR> --d----- d:\program files\common files\ODBC
2008-12-01 15:47 <DIR> --d----- d:\program files\common files\SpeechEngines
2008-12-01 15:47 <DIR> --d--r-- d:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-06 16:34 71,865 a------- d:\windows\system32\unins000.exe
2008-12-04 02:10 76,487 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-01 21:03 21,640 a------- d:\windows\system32\emptyregdb.dat
2008-11-21 16:47 524,288 a------- d:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- d:\windows\system32\qt-dx331.dll
2008-11-21 16:47 129,784 -------- d:\windows\system32\pxafs.dll
2008-11-21 16:47 120,056 -------- d:\windows\system32\pxcpyi64.exe
2008-11-21 16:47 118,520 -------- d:\windows\system32\pxinsi64.exe
2008-11-21 16:47 43,528 -------- d:\windows\system32\drivers\PxHelp20.sys
2008-11-21 16:47 9,464 -------- d:\windows\system32\drivers\cdralw2k.sys
2008-11-21 16:47 9,336 -------- d:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 16:46 1,044,480 a------- d:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- d:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- d:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- d:\windows\system32\DivXWMPExtType.dll
2008-10-27 10:04 514,384 a------- d:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- d:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- d:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- d:\windows\system32\XAPOFX1_2.dll
2008-10-24 06:21 455,296 a------- d:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:06 208,744 a------- d:\windows\system32\muweb.dll
2008-10-10 04:52 4,379,984 a------- d:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- d:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- d:\windows\system32\d3dx10_40.dll
2008-09-15 07:12 1,846,400 a------- d:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -------- d:\windows\system32\msxml6.dll
2000-05-08 07:40 449,084 a------- d:\program files\ev19x8mp.sys

============= FINISH: 9:19:55.63 ===============



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:09 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\atievxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - D:\Program Files\vidica\tbvid0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - D:\Program Files\vidica\tbvid0.dll
O3 - Toolbar: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - D:\Program Files\vidica\tbvid0.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228387334790
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 3622 bytes
Attached Files
File Type: zip Gmer.zip (731.0 KB, 0 views)
File Type: zip Attach.txt DDS 2.zip (2.2 KB, 3 views)
zbirdsgirl is offline  
Old 12-07-2008, 08:35 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


gateway solo sound and antivirus 2009 issues

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/1/2008 9:15:46 PM
System Uptime: 12/7/2008 8:39:23 AM (1 hours ago)

Motherboard: Gateway | | Solo2150
Processor: Intel Celeron processor | U35 | 210/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 0 GiB total, 0.207 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 12.889 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_8938&SUBSYS_2150107B&REV_00\3&61AAA01&0&48
Manufacturer: Creative
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_8938&SUBSYS_2150107B&REV_00\3&61AAA01&0&48
Service: emu10k

==== System Restore Points ===================

RP1: 12/1/2008 9:26:12 PM - System Checkpoint
RP2: 12/1/2008 10:48:42 PM - Installed Realtek AC'97 Audio
RP3: 12/1/2008 11:02:37 PM - Installed DirectX
RP4: 12/1/2008 11:29:10 PM - Installed DirectX
RP5: 12/3/2008 7:36:30 PM - Software Distribution Service 3.0
RP6: 12/3/2008 7:40:29 PM - Installed Driver Detective
RP7: 12/3/2008 8:17:22 PM - Installed Realtek AC'97 Audio
RP8: 12/3/2008 8:31:04 PM - Software Distribution Service 3.0
RP9: 12/3/2008 8:43:09 PM - Removed Driver Detective.
RP10: 12/3/2008 8:43:46 PM - Software Distribution Service 3.0
RP11: 12/3/2008 9:51:32 PM - Software Distribution Service 3.0
RP12: 12/3/2008 9:52:43 PM - Software Distribution Service 3.0
RP13: 12/4/2008 5:44:36 AM - Software Distribution Service 3.0
RP14: 12/4/2008 7:55:13 PM - Avira AntiVir Personal - 12/4/2008 19:55
RP15: 12/4/2008 11:01:32 PM - Software Distribution Service 3.0
RP16: 12/5/2008 10:20:02 PM - Removed Realtek AC'97 Audio
RP17: 12/5/2008 10:25:27 PM - Installed Realtek AC'97 Audio
RP18: 12/5/2008 10:53:58 PM - Software Distribution Service 3.0
RP19: 12/6/2008 4:55:55 PM - Removed Microsoft Silverlight
RP20: 12/6/2008 5:55:46 PM - Installed RegTool
RP21: 12/6/2008 5:58:32 PM - Removed RegTool
RP22: 12/7/2008 9:00:43 AM - Installed DirectX

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
AudioPCI 64V (EV1938) Sound Driver Version 5.12.01.4140 for Win
AutoUpdate
Avira AntiVir Personal - Free Antivirus
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Gateway Drivers and Applications Recovery
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3

==== Event Viewer Messages ===================

12/6/2008 4:05:17 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/6/2008 11:02:56 AM, error: ACPI [12] - AMLI: ACPI BIOS is attempting to create an illegal memory OpRegion, starting at address 0x1000000, with a length of 0x1000000. This region lies in the Operating system's protected memory address range (0x100000 - 0x11ff0000). This could lead to system instability. Please contact your system vendor for technical assistance.
12/5/2008 11:52:24 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/3/2008 8:41:19 PM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00008643213B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/3/2008 7:42:37 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.DirectX.dll. Reference error message: The operation completed successfully. .
12/3/2008 7:42:37 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/3/2008 7:42:37 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-07 10:12:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F93877E4 ZwCreateThread
SSDT F93877D0 ZwOpenProcess
SSDT F93877D5 ZwOpenThread
SSDT F93877DF ZwTerminateProcess
SSDT F93877DA ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
zbirdsgirl is offline  
Old 12-08-2008, 08:34 AM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Re: gateway solo sound and antivirus 2009 issues

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 12-10-2008, 07:14 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


Re: gateway solo sound and antivirus 2009 issues

ComboFix 08-12-09.03 - marques123 2008-12-10 20:54:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.112 [GMT -5:00]
Running from: d:\documents and settings\marques123\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\marques123\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-10 15:41 . 2008-12-10 16:05 <DIR> d-------- D:\creative soundcard
2008-12-10 14:30 . 2008-12-10 14:30 <DIR> d-------- d:\windows\LastGood
2008-12-09 22:21 . 2008-12-10 14:30 <DIR> d--h----- d:\windows\$hf_mig$
2008-12-09 21:14 . 2008-12-09 21:14 406 --a------ d:\windows\system32\ioloBootDefrag.cfg
2008-12-09 21:10 . 2008-12-09 21:10 <DIR> d-------- d:\documents and settings\LocalService\Application Data\iolo
2008-12-09 21:09 . 2008-12-09 21:09 <DIR> d-------- d:\program files\iolo
2008-12-09 21:09 . 2008-12-04 16:44 935,776 --a------ d:\windows\system32\Incinerator.dll
2008-12-09 21:09 . 2008-09-24 09:32 28,672 --a------ d:\windows\system32\iolobtdfg.exe
2008-12-09 21:09 . 2008-11-18 11:51 8,192 --a------ d:\windows\system32\smrgdf.exe
2008-12-09 21:05 . 2008-04-13 19:12 16,384 --a------ d:\windows\system32\ipsink.ax
2008-12-09 21:05 . 2008-04-13 19:12 16,384 --a--c--- d:\windows\system32\dllcache\ipsink.ax
2008-12-09 21:05 . 2008-04-13 13:46 15,232 --a------ d:\windows\system32\drivers\StreamIP.sys
2008-12-09 21:05 . 2008-04-13 13:46 15,232 --a--c--- d:\windows\system32\dllcache\streamip.sys
2008-12-09 21:05 . 2008-04-13 13:46 11,136 --a------ d:\windows\system32\drivers\SLIP.sys
2008-12-09 21:05 . 2008-04-13 13:46 11,136 --a--c--- d:\windows\system32\dllcache\slip.sys
2008-12-09 21:05 . 2008-04-13 13:46 10,880 --a------ d:\windows\system32\drivers\NdisIP.sys
2008-12-09 21:05 . 2008-04-13 13:46 10,880 --a--c--- d:\windows\system32\dllcache\ndisip.sys
2008-12-09 21:05 . 2008-04-13 13:39 5,504 --a------ d:\windows\system32\drivers\MSTEE.sys
2008-12-09 21:05 . 2008-04-13 13:39 5,504 --a--c--- d:\windows\system32\dllcache\mstee.sys
2008-12-09 21:04 . 2008-04-13 13:46 85,248 --a------ d:\windows\system32\drivers\NABTSFEC.sys
2008-12-09 21:04 . 2008-04-13 13:46 85,248 --a--c--- d:\windows\system32\dllcache\nabtsfec.sys
2008-12-09 21:04 . 2008-04-13 13:46 19,200 --a------ d:\windows\system32\drivers\WSTCODEC.SYS
2008-12-09 21:04 . 2008-04-13 13:46 19,200 --a--c--- d:\windows\system32\dllcache\wstcodec.sys
2008-12-09 21:04 . 2008-04-13 13:46 17,024 --a------ d:\windows\system32\drivers\CCDECODE.sys
2008-12-09 21:04 . 2008-04-13 13:46 17,024 --a--c--- d:\windows\system32\dllcache\ccdecode.sys
2008-12-09 21:02 . 2008-04-13 13:45 32,128 --a------ d:\windows\system32\drivers\usbccgp.sys
2008-12-09 21:02 . 2008-04-13 13:45 32,128 --a--c--- d:\windows\system32\dllcache\usbccgp.sys
2008-12-09 19:42 . 2008-04-13 13:45 10,624 --a------ d:\windows\system32\drivers\gameenum.sys
2008-12-09 19:42 . 2008-04-13 13:45 10,624 --a--c--- d:\windows\system32\dllcache\gameenum.sys
2008-12-09 06:59 . 2008-04-13 14:17 83,072 --a------ d:\windows\system32\drivers\wdmaud.sys
2008-12-09 06:59 . 2008-04-13 14:17 83,072 --a--c--- d:\windows\system32\dllcache\wdmaud.sys
2008-12-09 06:59 . 2008-04-13 13:45 52,864 --a------ d:\windows\system32\drivers\DMusic.sys
2008-12-09 06:59 . 2008-04-13 13:45 52,864 --a--c--- d:\windows\system32\dllcache\dmusic.sys
2008-12-09 06:59 . 2008-04-13 13:45 6,272 --a------ d:\windows\system32\drivers\splitter.sys
2008-12-09 06:59 . 2008-04-13 13:45 6,272 --a--c--- d:\windows\system32\dllcache\splitter.sys
2008-12-08 21:31 . 2008-12-09 22:08 <DIR> d-------- d:\windows\SMINST
2008-12-08 21:31 . 2008-12-10 15:18 <DIR> d-------- d:\windows\Creator
2008-12-08 21:31 . 2008-12-08 21:31 <DIR> d-------- d:\program files\Common Files\New Boundary
2008-12-08 21:31 . 2008-12-08 21:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\Prism Deploy
2008-12-08 20:37 . 2008-10-27 12:37 4,499,280 --a------ d:\windows\system32\D3dx9d_40.dll
2008-12-08 20:37 . 2008-10-27 12:37 3,796,816 --a------ d:\windows\system32\d3dx9d_33.dll
2008-12-08 20:37 . 2008-10-27 12:37 3,084,624 --a------ d:\windows\system32\d3d9d.dll
2008-12-08 20:37 . 2008-10-27 12:37 906,576 --a------ d:\windows\system32\xaudioD2_3.dll
2008-12-08 20:37 . 2008-10-27 12:36 496,464 --a------ d:\windows\system32\D3DX10d_40.dll
2008-12-08 20:37 . 2008-10-27 12:39 360,784 --a------ d:\windows\system32\XactEngineA3_3.dll
2008-12-08 20:37 . 2008-10-27 12:39 359,760 --a------ d:\windows\system32\dinput8d.dll
2008-12-08 20:37 . 2008-10-27 12:39 349,520 --a------ d:\windows\system32\d3dref9.dll
2008-12-08 20:37 . 2008-10-27 12:39 286,032 --a------ d:\windows\system32\XactEngineD3_3.dll
2008-12-08 20:37 . 2008-10-27 12:39 123,216 --a------ d:\windows\system32\XAPOFXD1_2.dll
2008-12-08 20:37 . 2008-10-27 12:38 47,440 --a------ d:\windows\system32\X3DAudioD1_5.dll
2008-12-08 20:28 . 2008-12-08 20:37 <DIR> d-------- d:\program files\Microsoft DirectX SDK (November 2008)
2008-12-08 20:27 . 2008-12-08 20:27 119,120 --a------ d:\windows\dxsdkuninst.exe
2008-12-07 09:27 . 2008-12-07 09:28 250 --a------ d:\windows\gmer.ini
2008-12-07 09:06 . 2008-12-07 09:06 <DIR> d-------- d:\documents and settings\marques123\Application Data\DivX
2008-12-07 09:04 . 2008-12-07 09:04 <DIR> d-------- d:\program files\Microsoft Silverlight
2008-12-07 09:01 . 2007-05-16 16:45 3,497,832 --a------ d:\windows\system32\d3dx9_34.dll
2008-12-07 09:01 . 2007-03-12 16:42 3,495,784 --a------ d:\windows\system32\d3dx9_33.dll
2008-12-07 09:01 . 2007-05-16 16:45 1,124,720 --a------ d:\windows\system32\D3DCompiler_34.dll
2008-12-07 09:01 . 2007-03-12 16:42 1,123,696 --a------ d:\windows\system32\D3DCompiler_33.dll
2008-12-07 09:01 . 2007-05-16 16:45 443,752 --a------ d:\windows\system32\d3dx10_34.dll
2008-12-07 09:01 . 2007-03-15 16:57 443,752 --a------ d:\windows\system32\d3dx10_33.dll
2008-12-07 09:01 . 2007-06-20 20:46 266,088 --a------ d:\windows\system32\xactengine2_8.dll
2008-12-07 09:01 . 2007-04-04 18:55 261,480 --a------ d:\windows\system32\xactengine2_7.dll
2008-12-07 09:01 . 2007-01-24 15:27 255,848 --a------ d:\windows\system32\xactengine2_6.dll
2008-12-07 09:01 . 2007-10-22 03:37 17,928 --a------ d:\windows\system32\X3DAudio1_2.dll
2008-12-07 08:59 . 2008-12-10 07:37 <DIR> d--h----- d:\windows\msdownld.tmp
2008-12-07 08:59 . 2008-12-08 20:27 <DIR> d-------- d:\windows\Logs
2008-12-06 19:22 . 2008-12-09 22:18 <DIR> d-------- d:\program files\DivX
2008-12-06 17:56 . 2008-12-06 17:57 <DIR> d-------- d:\documents and settings\marques123\Application Data\RegTool
2008-12-06 16:11 . 2008-04-13 14:19 146,048 --a------ d:\windows\system32\drivers\portcls.sys
2008-12-06 16:11 . 2008-04-13 14:19 146,048 --a--c--- d:\windows\system32\dllcache\portcls.sys
2008-12-06 16:11 . 2008-04-13 19:12 129,536 --a------ d:\windows\system32\ksproxy.ax
2008-12-06 16:11 . 2008-04-13 19:12 129,536 --a--c--- d:\windows\system32\dllcache\ksproxy.ax
2008-12-06 16:11 . 2008-04-13 13:45 60,160 --a------ d:\windows\system32\drivers\drmk.sys
2008-12-06 16:11 . 2008-04-13 13:45 60,160 --a--c--- d:\windows\system32\dllcache\drmk.sys
2008-12-06 16:11 . 2008-04-13 19:11 4,096 --a------ d:\windows\system32\ksuser.dll
2008-12-06 16:11 . 2008-04-13 19:11 4,096 --a--c--- d:\windows\system32\dllcache\ksuser.dll
2008-12-06 15:49 . 2008-12-06 16:29 <DIR> d-------- D:\pnp
2008-12-06 15:49 . 2008-12-06 16:34 2,278 --a------ d:\windows\system32\unins000.dat
2008-12-06 15:32 . 2008-12-06 15:32 <DIR> d-------- d:\documents and settings\marques123\Application Data\Uniblue
2008-12-06 15:28 . 2001-08-17 22:36 8,704 --a------ d:\windows\system32\kbdjpn.dll
2008-12-06 15:28 . 2001-08-17 22:36 8,704 --a--c--- d:\windows\system32\dllcache\kbdjpn.dll
2008-12-06 15:28 . 2001-08-17 22:36 8,192 --a------ d:\windows\system32\kbdkor.dll
2008-12-06 15:28 . 2001-08-17 22:36 8,192 --a--c--- d:\windows\system32\dllcache\kbdkor.dll
2008-12-06 15:28 . 2008-04-13 19:09 6,144 --a------ d:\windows\system32\kbd106.dll
2008-12-06 15:28 . 2001-08-17 14:55 6,144 --a------ d:\windows\system32\kbd101c.dll
2008-12-06 15:28 . 2001-08-17 14:55 6,144 --a------ d:\windows\system32\kbd101b.dll
2008-12-06 15:28 . 2008-04-13 19:09 6,144 --a--c--- d:\windows\system32\dllcache\kbd106.dll
2008-12-06 15:28 . 2001-08-17 14:55 6,144 --a--c--- d:\windows\system32\dllcache\kbd101c.dll
2008-12-06 15:28 . 2001-08-17 14:55 6,144 --a--c--- d:\windows\system32\dllcache\kbd101b.dll
2008-12-06 15:28 . 2001-08-17 14:55 5,632 --a------ d:\windows\system32\kbd103.dll
2008-12-06 15:28 . 2001-08-17 14:55 5,632 --a--c--- d:\windows\system32\dllcache\kbd103.dll
2008-12-06 14:33 . 2008-12-06 14:33 <DIR> d-------- d:\program files\Trend Micro
2008-12-06 00:05 . 2008-12-06 11:02 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2008-12-06 00:05 . 2008-12-06 13:45 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 23:31 . 2008-12-05 23:52 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2008-12-05 22:25 . 2008-12-10 11:46 <DIR> d-------- d:\program files\Realtek AC97
2008-12-04 19:57 . 2008-12-04 19:57 <DIR> d-------- d:\program files\Avira
2008-12-04 19:57 . 2008-12-04 19:57 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira
2008-12-04 18:54 . 2008-10-16 14:06 268,648 --a------ d:\windows\system32\mucltui.dll
2008-12-04 18:54 . 2008-10-16 14:06 27,496 --a------ d:\windows\system32\mucltui.dll.mui
2008-12-04 18:46 . 2008-12-10 17:32 <DIR> d-------- d:\program files\Gateway
2008-12-04 02:05 . 2008-12-04 02:05 <DIR> d-------- d:\windows\system32\scripting
2008-12-04 02:05 . 2008-12-04 02:05 <DIR> d-------- d:\windows\system32\en
2008-12-04 02:05 . 2008-12-04 02:05 <DIR> d-------- d:\windows\system32\bits
2008-12-04 02:05 . 2008-12-04 02:05 <DIR> d-------- d:\windows\l2schemas
2008-12-04 02:00 . 2008-12-04 02:06 <DIR> d-------- d:\windows\ServicePackFiles
2008-12-04 01:47 . 2008-12-04 01:47 <DIR> d-------- d:\windows\EHome
2008-12-03 20:59 . 2008-10-16 15:38 6,066,176 -----c--- d:\windows\system32\dllcache\ieframe.dll
2008-12-03 20:59 . 2007-04-17 04:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2008-12-03 20:59 . 2007-03-08 00:10 991,232 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2008-12-03 20:59 . 2008-10-16 15:38 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2008-12-03 20:59 . 2008-10-16 15:38 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2008-12-03 20:59 . 2008-10-16 15:38 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2008-12-03 20:59 . 2008-10-16 15:38 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
2008-12-03 20:59 . 2008-10-16 15:38 52,224 -----c--- d:\windows\system32\dllcache\msfeedsbs.dll
2008-12-03 20:59 . 2008-10-16 08:11 13,824 -----c--- d:\windows\system32\dllcache\ieudinit.exe
2008-12-03 20:18 . 2004-08-03 22:29 1,897,408 --------- d:\windows\system32\drivers\nv4_mini.sys
2008-12-03 20:17 . 2006-02-28 07:00 381,425 -----c--- d:\windows\system32\dllcache\copycd.wmv
2008-12-03 20:17 . 2004-07-17 22:55 129,045 --------- d:\windows\system32\drivers\cxthsfs2.cty
2008-12-03 20:17 . 2006-02-28 07:00 9,585 -----c--- d:\windows\system32\dllcache\controls.css
2008-12-03 20:17 . 2006-02-28 07:00 8,298 -----c--- d:\windows\system32\dllcache\contents.htm
2008-12-03 20:17 . 2006-02-28 07:00 6,878 -----c--- d:\windows\system32\dllcache\controls.js
2008-12-03 20:17 . 2006-02-28 07:00 999 -----c--- d:\windows\system32\dllcache\bktrh.gif
2008-12-03 20:17 . 2006-02-28 07:00 773 -----c--- d:\windows\system32\dllcache\cnth.gif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:34 71,865 ----a-w d:\windows\system32\unins000.exe
2008-12-02 03:48 --------- d-----w d:\program files\Common Files\InstallShield
2008-12-02 02:47 --------- d-----w d:\program files\Common Files\Adobe
2008-12-02 02:42 --------- d-----w d:\program files\Xtreme Sound Setup Files
2008-12-02 02:41 --------- d-----w d:\program files\WCPUID
2008-12-02 02:30 --------- d-----w d:\program files\WinDVD Setup Files
2008-12-02 02:29 --------- d-----w d:\documents and settings\marques123\Application Data\InterTrust
2008-12-02 02:10 --------- d-----w d:\program files\microsoft frontpage
2008-11-21 21:44 161,096 ----a-w d:\windows\system32\DivXCodecVersionChecker.exe
2008-10-27 15:04 70,992 ----a-w d:\windows\system32\XAPOFX1_2.dll
2008-10-27 15:04 514,384 ----a-w d:\windows\system32\XAudio2_3.dll
2008-10-27 15:04 235,856 ----a-w d:\windows\system32\xactengine3_3.dll
2008-10-27 15:04 23,376 ----a-w d:\windows\system32\X3DAudio1_5.dll
2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w d:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w d:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 19:06 208,744 ----a-w d:\windows\system32\muweb.dll
2008-10-10 09:52 452,440 ----a-w d:\windows\system32\d3dx10_40.dll
2008-10-10 09:52 4,379,984 ----a-w d:\windows\system32\D3DX9_40.dll
2008-10-10 09:52 2,036,576 ----a-w d:\windows\system32\D3DCompiler_40.dll
2008-10-03 10:02 247,326 ----a-w d:\windows\system32\strmdll.dll
2008-09-15 12:12 1,846,400 ----a-w d:\windows\system32\win32k.sys
2000-05-08 12:40 449,084 ----a-w d:\program files\ev19x8mp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mixerbar"="d:\windows\system32\mixerbar.exe" [2000-05-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=

R2 ioloFileInfoList;iolo FileInfoList Service;d:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-09 596336]
R2 ioloSystemService;iolo System Service;d:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-09 596336]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;d:\windows\system32\DRIVERS\EL556ND5.sys [2008-12-01 55999]
R3 ev19x8mp;SB AudioPCI Audio Driver (WDM);d:\windows\system32\drivers\ev19x8mp.sys [2000-05-08 449084]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;d:\windows\system32\DRIVERS\WDHAALBA.sys [2008-12-01 701386]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 d:\windows\Tasks\RegTool Scan.job
- d:\program files\RegTool\RegTool.exe []

2008-12-10 d:\windows\Tasks\RegTool Scan.job
- d:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-46958507170190711420142055561924 - d:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-DriverUpdaterPro - d:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-RegTool - d:\program files\RegTool\RegTool.exe


.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 21:02:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-10 21:05:02
ComboFix-quarantined-files.txt 2008-12-11 02:04:57

Pre-Run: 12,492,836,864 bytes free
Post-Run: 12,564,041,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2008-12-05 04:03:18
zbirdsgirl is offline  
Old 12-10-2008, 11:44 PM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Re: gateway solo sound and antivirus 2009 issues

Log appears clean but let's do a perfunctory scan

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-12-2008, 07:30 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


Re: gateway solo sound and antivirus 2009 issues

I ran this scan twice! There is no report. It says on the top there was no malware found.
zbirdsgirl is offline  
Old 12-12-2008, 08:04 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Re: gateway solo sound and antivirus 2009 issues

Do you still have other issues with the machine?
sUBs is offline  
Old 12-18-2008, 07:21 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


Re: gateway solo sound and antivirus 2009 issues

Most of my issues are resolved with the exception of internet browsing issues with this computer now. The wireless connection says the connection is excellent, telling me the modem seems fine, but something else is going on with it. I can get right on the internet, but then it won't let me access different websites. I tried using a Firefox browser, but the same thing happens. We checked the firewall settings, they are not blocking internet access.
I'm using a USB network adapter, the adapter seemed to install fine. It's a Dynex 54Mbps
zbirdsgirl is offline  
Old 12-19-2008, 12:22 AM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Re: gateway solo sound and antivirus 2009 issues

Quote:
I can get right on the internet, but then it won't let me access different websites. I tried using a Firefox browser, but the same thing happens.
Which websites were you not able to access?
sUBs is offline  
Old 12-19-2008, 08:15 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


Re: gateway solo sound and antivirus 2009 issues

It's almost like I get bumped offline, it happens on any site, but my connection says excellent.
zbirdsgirl is offline  
Old 12-19-2008, 08:31 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Re: gateway solo sound and antivirus 2009 issues

Please show me a fresh gmer log
sUBs is offline  
Old 12-30-2008, 10:44 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: XP-sp3


Re: gateway solo sound and antivirus 2009 issues

Laptop is back to its owner, seems to be working fine, the issue with getting bumped offline is not isolated to that laptop though, so it doesn't seem to be the laptop. Seems to be worse with my desk pc, which I will start another thread with. Thank you so much for all your help.
zbirdsgirl is offline  