TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Krogan on April 11, 2009, 02:32:37 AM

Title: Sound not working?
Post by: Krogan on April 11, 2009, 02:32:37 AM
So for about the past week or so my sound has not been working. I have tried uninstalling the sound driver for my card and reinstalling it, I have tried rebooting, pretty much everything you can google I have googled and tried and it hasn't worked.

System specs

2004 HP Pavilion a610n
AMD processor 2.1 GHz (?)
1.5 GB RAM
Windows XP SP3


Any suggestions or anyone that has had this problem and found a fix for it?

Please help because I just paid $100 for a new surround system for my PC and I don't want that to be a waste of money.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:33 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?gcht=SC&o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)
O2 - BHO: (no name) - {4AD4DEF0-7B4F-42F4-A8B6-D0F725C52014} - C:\WINDOWS\system32\efcdcATJ.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jKASIXrS.dll (file missing)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [546d0df0] rundll32.exe "C:\WINDOWS\system32\lgyothyp.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - S-1-5-21-3901419867-986033703-2805721932-1003 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User '?')
O4 - S-1-5-21-3901419867-986033703-2805721932-1003 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User '?')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: ifwuke.dll
O20 - Winlogon Notify: jKASIXrS - jKASIXrS.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe





EDIT: added hijackthis log
Title: Sound not working?
Post by: guestolo on April 11, 2009, 09:59:58 AM
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also post a fresh Hijackthis log
Title: Sound not working?
Post by: Krogan on April 11, 2009, 12:25:22 PM
I downloaded both of those before you replied to my post because I was searching through other threads and saw that that was your solution for a lot of problems. I ran the ATF cleaner and it worked but the MBAM ran into a problem.

The error that I got was Runtime error '372'. It said that it failed to load vbalgrid from vbalsgrid6.ocx and that my vbalsgrid6.ocx may be outdated.

Also, a couple of other problems my PC is having is that my taskbar is not showing applications that I have open and my Task Manager is not showing the Username for the processes that are currently running. Also, my computer is not letting me do a system restore.

I have AVG which you can see from my HIJACKTHIS log and I ran that along with a CONFICKER removal tool and I do not have Conficker or any other known viruses.
Title: Sound not working?
Post by: guestolo on April 11, 2009, 12:51:26 PM
The malware on your computer has probably messed with your permissions

Can you do the following
Download then install SubInACL (http://www.microsoft.com/downloads/details.aspx?FamilyId=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en)

Afterwards:
Download updateMBperms.bat (http://kixhelp.com/wr/files/mb/updateMBperms.bat) to your desktop

Ensure you already have SubInACL installed then double click on updateMBperms.bat

A DOS-like window will open; allow it to run and then try to reinstall Malwarebytes
Title: Sound not working?
Post by: Krogan on April 11, 2009, 01:13:12 PM
Thanks guestolo, I am installing SubInACL right now.

I really hope that I can get this resolved because I don't have a Windows XP CD and I have wayyy too much stuff on my comp to just wipe it for a fresh install.
Title: Sound not working?
Post by: Krogan on April 11, 2009, 01:15:39 PM
Would not install. Error box popped up and said that Windows Installer Service could not be accessed
Title: Sound not working?
Post by: guestolo on April 11, 2009, 02:10:14 PM
Download and save to desktop Dial-a-Fix.zip (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
For an alternate download location you can try HERE (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)

Extract the contents to its own folder
Open the newly extracted folder
Double click on Dial-a-fix.exe to run it
At the bottom of the main screen, Click the GREEN checkmark
This should select all settings
Then click GO

Ensure date/time is selected properly when prompted, then let the tool continue
When it's done
Reboot the computer

Try Malwarebytes again, if no luck, we'll go a different route
Title: Sound not working?
Post by: Krogan on April 11, 2009, 02:18:54 PM
Getting ready to reboot but when Dial-a-fix was running it kept telling me that loads of my DLLs were corrupt, missing, or the program couldn't verify their integrity or version.

I will go through the log and post all the errors after I reboot
Title: Sound not working?
Post by: guestolo on April 11, 2009, 02:21:09 PM
I still want to know if you can run Malwarebytes after reboot
Title: Sound not working?
Post by: Krogan on April 11, 2009, 02:35:40 PM
Same problem as before... it says that it cannot load vbalgrid

Also, after the reboot my taskbar didn't show up
Title: Sound not working?
Post by: guestolo on April 11, 2009, 02:44:14 PM
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://subs.geekstogo.com/ComboFix.exe)

      --------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with some tools.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combo-Fix.txt in your next reply
Title: Sound not working?
Post by: Krogan on April 11, 2009, 03:42:53 PM
OK so I ran the program and it restarted my comp and everything and took FOREVER to make the log but here it is.

Also on reboot the taskbar didn't come up and now the appearance of the menu bars on all open applications is Windows Classic and Properties has no option for a Windows XP appearance.

Can't find the log :(

IDK but I'm gonna look around and see if I can find a Windows XP disk... fresh install will hopefully fix it...

Reformatting instructions?

Clean wipe instructions?

Maybe I'll switch to Ubuntu or SUSE. I know I have copies of both, but I know that there are issues with Java on Linux and also I play StarCraft a lot, so IDK
Title: Sound not working?
Post by: guestolo on April 11, 2009, 03:51:21 PM
Look for a copy of the log here
C:\Combo-Fix.txt
Title: Sound not working?
Post by: Krogan on April 11, 2009, 03:52:32 PM
ComboFix 09-04-04.01 - Owner 2009-04-11 15:54:39.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\recycler\desktopA.sys
c:\windows\box boat blue.ico
c:\windows\system32\ad020326.de
c:\windows\system32\emudobes.ini
c:\windows\system32\JTAcdcfe.ini
c:\windows\system32\JTAcdcfe.ini2
c:\windows\system32\kjbhlo.dll
c:\windows\system32\mbho.dll
c:\windows\system32\msc020807.de
c:\windows\system32\MSCStat2.exe
c:\windows\system32\pyhtoygl.ini
c:\windows\system32\sebodume.dll
c:\windows\system32\vfohejvs.ini
c:\windows\system32\vusunifo.dll
c:\windows\system32\yamapaso.dll
c:\windows\Sysvxd.exe
c:\windows\Tasks\qnbyuvoi.job
c:\windows\wiaserviv.log
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-03-11 to 2009-04-11  )))))))))))))))))))))))))))))))
.

2009-04-11 15:14 . 2009-04-11 15:14   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-04-11 02:42 . 2009-04-11 02:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-04-11 02:42 . 2009-04-11 02:42   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 02:42 . 2009-04-06 15:32   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 02:42 . 2009-04-06 15:32   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-04-11 02:36 . 2009-04-11 02:36   <DIR>   d--------   c:\program files\Trend Micro
2009-04-08 17:21 . 2009-04-08 17:21   <DIR>   d--------   c:\windows\Sun
2009-04-03 17:10 . 2009-04-11 15:30   2,015,232   --a------   C:\ffastunT.ffl
2009-03-28 11:27 . 2009-03-28 11:27   <DIR>   d--------   c:\program files\Codec Pack - All In 1
2009-03-28 11:27 . 2009-03-28 11:26   737,280   --a------   c:\windows\iun6002.exe
2009-03-25 23:11 . 2009-03-25 23:11   <DIR>   d--h-----   c:\windows\PIF
2009-03-20 02:40 . 2008-10-16 14:06   268,648   --a------   c:\windows\system32\mucltui.dll
2009-03-20 02:40 . 2008-10-16 14:06   208,744   --a------   c:\windows\system32\muweb.dll
2009-03-20 02:40 . 2008-10-16 14:06   27,496   --a------   c:\windows\system32\mucltui.dll.mui
2009-03-19 23:17 . 2009-03-19 23:17   <DIR>   d--------   c:\program files\Microsoft Silverlight
2009-03-18 23:23 . 2009-03-31 16:20   <DIR>   d--------   c:\program files\IrfanView
2009-03-18 01:29 . 2009-03-18 01:29   <DIR>   d--------   c:\program files\Alex Feinman
2009-03-16 18:50 . 2009-03-16 18:50   0   --a------   c:\windows\system32\LexFiles.ulf
2009-03-15 18:50 . 2009-03-15 18:50   65,466   --a------   c:\windows\BricoPackUninst.cmd
2009-03-15 18:49 . 2009-03-15 18:49   3,932,214   --a------   c:\windows\BricoPack Wallpaper.bmp
2009-03-15 18:48 . 2009-03-15 18:50   6,114   --a------   c:\windows\BricoPackFoldersDelete.cmd
2009-03-15 18:47 . 2009-03-15 18:47   <DIR>   d--------   c:\windows\BricoPacks
2009-03-15 01:16 . 2009-03-15 01:16   <DIR>   d--------   c:\program files\Snapshot Viewer
2009-03-11 22:36 . 2009-03-11 22:36   <DIR>   d--------   c:\program files\Hero Editor
2009-03-11 22:36 . 2009-03-11 22:36   249,856   ---------   c:\windows\Setup1.exe
2009-03-11 22:36 . 2009-03-11 22:36   73,216   --a------   c:\windows\ST6UNST.EXE
2009-03-11 19:24 . 2009-03-11 19:24   <DIR>   d--------   c:\documents and settings\Owner\Application Data\SampleView
2009-03-11 19:02 . 2009-03-11 19:02   0   --a------   c:\windows\MSDraw.ini
2009-03-11 18:51 . 2009-03-11 18:53   4   --a------   c:\windows\msoffice.ini
2009-03-11 18:49 . 2008-04-13 19:11   870,784   --a------   c:\windows\system32\ati3d1ag.dll
2009-03-11 18:49 . 2008-04-13 19:11   32,768   --a------   c:\windows\system32\ativtmxx.dll
2009-03-11 18:49 . 2008-04-13 19:12   23,040   --a------   c:\windows\system32\ativmvxx.ax
2009-03-11 18:49 . 2008-04-13 19:12   9,728   --a------   c:\windows\system32\ativdaxx.ax
2009-03-11 18:14 . 2009-03-11 18:14   <DIR>   d--------   c:\program files\LSI SoftModem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 21:00   ---------   d-----w   c:\program files\Steam
2009-04-11 20:52   34   ----a-w   c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-04-11 20:51   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 4
2009-04-11 07:16   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg7
2009-04-04 17:06   ---------   d-----w   c:\documents and settings\Owner\Application Data\FrostWire
2009-04-02 23:48   ---------   d-----w   c:\documents and settings\Owner\Application Data\AVG7
2009-03-28 04:05   ---------   d-----w   c:\program files\Diablo II
2009-03-19 03:45   ---------   d-----w   c:\program files\Java
2009-03-16 05:57   ---------   d-----w   c:\program files\FrostWire
2009-03-12 00:38   ---------   d-----w   c:\program files\Common Files\AOL
2009-03-12 00:25   ---------   d-----w   c:\program files\WinFlip
2009-03-12 00:14   ---------   d-----w   c:\program files\LimeWire
2009-03-12 00:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL
2009-03-11 23:57   ---------   d-----w   c:\program files\Yahoo!
2009-03-11 23:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-11 23:56   ---------   d-----w   c:\program files\QuickTime
2009-03-11 23:56   ---------   d-----w   c:\program files\HP Instant Support
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\tor
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\Hamachi
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\AOL
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\7100Series
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Mike\Application Data\AOL
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-11 23:54   ---------   d-----w   c:\program files\Bonjour
2009-03-11 01:25   94,208   ----a-w   c:\windows\DIIUnin.exe
2009-03-11 01:25   2,829   ----a-w   c:\windows\DIIUnin.pif
2009-03-09 23:48   ---------   d-----w   c:\program files\XP Codec Pack
2009-03-09 01:28   5,376   ----a-w   c:\windows\system32\drivers\MS1000.sys
2009-03-07 01:56   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-07 01:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\funkitron
2009-03-07 01:54   ---------   d-----w   c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-07 01:54   ---------   d-----w   c:\program files\Graboid
2009-03-05 02:05   ---------   d-----w   c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-03 05:25   ---------   d-----w   c:\documents and settings\Owner\Application Data\vlc
2009-03-03 01:18   ---------   d-----w   c:\documents and settings\Owner\Application Data\MozillaControl
2009-03-03 01:17   ---------   d-----w   c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-03 01:14   ---------   d-----w   c:\program files\VideoLAN
2009-02-27 06:11   56,320   ----a-w   c:\windows\system32\drivers\UACd.sys
2009-02-27 05:27   90,112   ----a-w   c:\windows\DUMP2e91.tmp
2009-02-24 19:48   ---------   d-----w   c:\documents and settings\LocalService\Application Data\AVG7
2009-02-14 19:56   ---------   d-----w   c:\program files\iTunes
2009-02-14 19:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-14 19:55   ---------   d-----w   c:\program files\iPod
2009-02-14 19:55   ---------   d-----w   c:\program files\Common Files\Apple
2008-02-11 03:04   67,696   ----a-w   c:\program files\mozilla firefox\components\jar50.dll
2008-02-11 03:04   54,376   ----a-w   c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-11 03:04   34,952   ----a-w   c:\program files\mozilla firefox\components\myspell.dll
2008-02-11 03:04   46,720   ----a-w   c:\program files\mozilla firefox\components\spellchk.dll
2008-02-11 03:04   172,144   ----a-w   c:\program files\mozilla firefox\components\xpinstal.dll
2004-09-20 18:49   0   --sha-w   c:\windows\SMINST\HPCD.sys
2008-09-28 08:16   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

------- Sigcheck -------

2008-04-21 02:04  659456  1efb8a3ea8454aec1bb8a240a2845598   c:\windows\ie7\wininet.dll
2007-03-07 12:45  822784  5b35dae6e4886f64d1da58c4e3e01eb9   c:\windows\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 03:41  822784  0586a7f0b2fdb94d624f399d4728e7c8   c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 09:34  823808  8068cbb58fe60cc95aeb2cff70178208   c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 05:04  824832  774435e499d8e9643ec961a6103c361f   c:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56  824832  30c1e0f34ad2972c72a01db5c74ab065   c:\windows\ie7updates\KB944533-IE7\wininet.dll
2006-11-07 21:03  818688  92995334f993e6e49c25c6d02ec04401   c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-22 23:16  826368  f6589be784647cfdbc22ea51ccb1a57a   c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 11:57  826368  8c13d4a7479fa0a026eda8abce82c0ed   c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 02:24  826368  ef8eba98145bfa44e80d17a3b3453300   c:\windows\ie8\wininet.dll
2009-01-15 02:05  902656  8a11276d3ea94ad90e75ac5856eb1b67   c:\windows\ServicePackFiles\i386\wininet.dll
2008-12-20 18:15  826368  a82935d32d0672e8ff4e91ae398e901c   c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll
2008-12-20 18:56  827904  044e0a4e9fe97c0fb9afe9c89e2a82e6   c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll
2007-04-18 07:46  665600  4261ba03afd659de04f0a17dfbdd454d   c:\windows\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\sp2qfe\wininet.dll
2009-01-15 02:05  911872  203c05a174a45270a30cdd593092d91e   c:\windows\system32\wininet.dll

2005-05-25 14:07  359936  63fdfea54eb53de2d863ee454937ce1e   c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07  360448  5562cc0a47b2aef06d3417b733f3c195   c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 06:51  359808  1dbf125862891817f374f407626967f4   c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 07:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53  360832  64798ecfa43d78c7178375fcdd16d8c8   c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44  360960  744e57c99232201ae98c49168b918f48   c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59  361600  ad978a1b783b5719720cff204b666c8e   c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45  360320  2a5554fc5b1e04e131230e3ce035c3f9   c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14  359040  9f4b36614a0fc234525ba224957de55c   c:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04  359808  88763a98a4c26c409741b4aa162720c9   c:\windows\$NtUninstallKB913446$\tcpip.sys
2004-08-04 01:14  359040  9f4b36614a0fc234525ba224957de55c   c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-29 07:00  332928  244a2f9816bc9b593957281ef577d976   c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 06:51  359808  1dbf125862891817f374f407626967f4   c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 12:20  360064  90caff4b094573449a0872a0f919b178   c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 14:20  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 06:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   c:\windows\system32\drivers\tcpip.sys

2004-08-04 02:56  502272  01c3346c241652f43aed8e2149881bfe   c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:12  507904  ed0ef0a136dec83df69f04118870003e   c:\windows\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38  483328  e7f9d2e4e4a94a6f58014e5ffa16a65e   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12  507904  ed0ef0a136dec83df69f04118870003e   c:\windows\system32\winlogon.exe

2004-08-04 01:14  182912  558635d3af1c7546d26067d5d9b6959e   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 14:20  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20  182656  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2004-08-04 01:00  29056  4448006b6bc60e6c027932cfc38d6855   c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 13:53  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\system32\drivers\ip6fw.sys

2005-03-01 19:34  2056832  81013f36b21c7f72cf784cc6731e0002   c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-01 19:36  2056832  d8aba3eab509627e707a3b14f00fbb6b   c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 11:12  2059392  ba4b97c00a437c1cc3da365d93ee1e9d   c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15  2059392  4d3dbdccbf97f5ba1e74f322b155c3ba   c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 15:39  2066048  a25e9b86effb2af33bf51e676b68bfb0   c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2007-02-28 03:38  2057600  515d30e2c90a3665a2739309334c9283   c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:58  2056832  947fb1d86d14afcffdb54bf837ec25d0   c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
2003-04-24 17:57  1949440  46ae6f2d416c39ffdcfc8bcb01203ea3   c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-01 19:34  2056832  81013f36b21c7f72cf784cc6731e0002   c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
2005-03-01 19:34  2056832  81013f36b21c7f72cf784cc6731e0002   c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 13:31  2065792  109f8e3e3c82e337bb71b6bc9b895d61   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 04:33  2066048  4ac58f03eb94a72809949d757fc39d80   c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 13:31  2065792  109f8e3e3c82e337bb71b6bc9b895d61   c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2004-06-17 03:03  1954688  ed0d7a5f1138ccfd3ecaf8f6ac691f13   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntkrnlpa.exe
2008-08-14 04:33  2066048  4ac58f03eb94a72809949d757fc39d80   c:\windows\system32\ntkrnlpa.exe

2005-03-01 19:59  2179328  4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-01 20:04  2179456  28187802b7c368c0d3aef7d4c382aabb   c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 11:51  2182016  cef243f6defd20be4adde26c7ecacb54   c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 04:55  2182144  5a5c8db4aa962c714c8371fbdf189fc9   c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 16:11  2189184  31914172342bff330063f343ac6958fe   c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2007-02-28 04:10  2180352  582a8dbaa58c3b1f176eb2817daee77c   c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 01:19  2180992  ce218bc7088681faa06633e218596ca7   c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2003-04-24 17:57  1925760  97ec4ab4650da6fc521cf16f8a6ddcb0   c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-01 19:59  2179328  4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
2005-03-01 19:59  2179328  4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 14:27  2188928  0c89243c7c3ee199b96fcc16990e0679   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 05:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5   c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-13 14:27  2188928  0c89243c7c3ee199b96fcc16990e0679   c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2004-06-17 12:22  2051584  f240dc474f8edb2d95514d831df069e5   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntoskrnl.exe
2008-08-14 05:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5   c:\windows\system32\ntoskrnl.exe

2008-04-13 19:12  1033728  12896823fb95bfb3dc9b46bcaedc9923   c:\windows\explorer.exe
2007-06-13 06:26  1033216  7712df0cdde3a5ac89843e61cd5b3658   c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23  1033216  97bd6515465659ff8f3b7be375b2ea87   c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56  1032192  a0732187050030ae399b241436565e64   c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12  975872  561a50497324f378e30f55d09b4e1258   c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 02:56  108032  c6ce6eec82f187615d1002bb3bb50ed4   c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 19:12  108544  0e776ed5f7cc9f94299e70461b7b8185   c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 19:12  108544  0e776ed5f7cc9f94299e70461b7b8185   c:\windows\system32\services.exe

2004-08-04 02:56  13312  84885f9b82f4d55c6146ebf6065d75d2   c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:12  13312  bf2466b3e18e970d8a976fb95fc1ca85   c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12  13312  bf2466b3e18e970d8a976fb95fc1ca85   c:\windows\system32\lsass.exe

2004-08-04 02:56  15360  24232996a38c0b0cf151c2140ae29fc8   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 19:12  15360  5f1d5f88303d4a4dbc8e5f97ba967cc3   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12  15360  5f1d5f88303d4a4dbc8e5f97ba967cc3   c:\windows\system32\ctfmon.exe

2005-06-10 18:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-10 19:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788   c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56  57856  7435b108b935e42ea92ca94f59c8e717   c:\windows\$NtUninstallKB896423$\spoolsv.exe
2002-08-29 07:00  51200  9b4155ba58192d4073082b8fc5d42612   c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
2008-04-13 19:12  57856  d8e14a61acc1d4a6cd0d38aebac7fa3b   c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12  57856  d8e14a61acc1d4a6cd0d38aebac7fa3b   c:\windows\system32\spoolsv.exe

2004-08-04 02:56  24576  39b1ffb03c2296323832acbae50d2aff   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12  26112  a93aee1928a9d7ce3e16d24ec7380f89   c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12  26112  a93aee1928a9d7ce3e16d24ec7380f89   c:\windows\system32\userinit.exe

2004-08-04 02:56  295424  b60c877d16d9c880b952fda04adf16e6   c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 19:12  295424  ff3477c03be7201c294c35f684b3479f   c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 19:12  295424  ff3477c03be7201c294c35f684b3479f   c:\windows\system32\termsrv.dll

2006-07-05 05:55  984064  d8db5397de07577c1cb50ba6d23b3ad4   c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 05:57  985088  0fdd84928a5dde2510761b7ec76ccec9   c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 11:07  986112  09f7cb3687f86edaa4ca081f7ab66c03   c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 10:52  984576  a01f9ca902a88f7ced06884174d6419d   c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 02:56  983552  888190e31455fad793312f8d087146eb   c:\windows\$NtUninstallKB917422$\kernel32.dll
2002-08-29 07:00  930304  8f162dc91d67d87c1a481bf602a9dac8   c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 05:55  984064  d8db5397de07577c1cb50ba6d23b3ad4   c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 19:11  989696  c24b983d211c34da8fcc1ac38477971d   c:\windows\ServicePackFiles\i386\kernel32.dll
2004-06-17 12:58  930816  fca73de7b988a2f7837ffbffcfbed088   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\kernel32.dll
2008-04-13 19:11  989696  c24b983d211c34da8fcc1ac38477971d   c:\windows\system32\kernel32.dll

2004-08-04 02:56  17408  1b5f6923abb450692e9fe0672c897aed   c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 19:12  17408  50a166237a0fa771261275a405646cc0   c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 19:12  17408  50a166237a0fa771261275a405646cc0   c:\windows\system32\powrprof.dll

2004-08-04 02:56  110080  87ca7ce6469577f059297b9d6556d66d   c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 19:11  110080  0da85218e92526972a821587e6a8bf8f   c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 19:11  110080  0da85218e92526972a821587e6a8bf8f   c:\windows\system32\imm32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Steam"="c:\program files\Steam\Steam.exe" [2009-03-04 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-01 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-13 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 c:\windows\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ifwuke.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Graboid\\GraboidVideo\\1.4.0.0\\DLManager\\GraboidDLManager.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


--- Other Services/Drivers In Memory ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - audstub
*Deregistered* - AVG Anti-Spyware Driver
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - Avg7Core
*Deregistered* - Avg7RsW
*Deregistered* - Avg7RsXP
*Deregistered* - AvgAsCln
*Deregistered* - AvgClean
*Deregistered* - AvgTdi
*Deregistered* - Beep
*Deregistered* - Belkin Wireless USB Network Adapter Service
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Fastfat
*Deregistered* - fasttx2k
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - seclogon
*Deregistered* - SISAGP
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp1
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-27 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []

2009-03-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-01-26 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{4AD4DEF0-7B4F-42F4-A8B6-D0F725C52014} - c:\windows\system32\efcdcATJ.dll
HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-MzRamBooster - c:\program files\MzRam\MzRamBooster.exe
HKLM-Run-checktime - c:\program files\HPSelect\Frontend\ct.exe
HKLM-Run-546d0df0 - c:\windows\system32\lgyothyp.dll
HKLM-Run-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
Notify-jKASIXrS - jKASIXrS.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/frostwire?gcht=SC&o=101676&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 15:59:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3901419867-986033703-2805721932-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,14,25,14,4b,c0,cd,9e,ef,53,3a,1e,4f,8c,1e,03,7f,47,f5,51,20,44,b8,
   9c,d5,a0,5a,4a,fd,df,51,23,42,b2,39,2f,9e,26,7b,08,05,7b,d7,73,4c,a0,31,eb,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe
c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\program files\Microsoft Office\Office\FINDFAST.EXE
c:\program files\Microsoft Office\Office\OSA.EXE
.
**************************************************************************
.
Completion time: 2009-04-11 16:06:23 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-11 21:05:39

Pre-Run: 83,610,857,472 bytes free
Post-Run: 83,531,829,248 bytes free

511   --- E O F ---   2009-03-16 20:01:31
Title: Sound not working?
Post by: guestolo on April 12, 2009, 12:32:33 AM
Can you try the following:
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000FF"]
File::
c:\windows\system32\iedkcs32.dll
c:\windows\Tasks\Norton Security Scan.job
c:\windows\system32\lgyothyp.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"!AVG Anti-Spyware"=-
"AVG7_CC"=-
"QuickTime Task"=-
"AlcxMonitor"=-
[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you  with the same name C:\ComboFix.txt..
I'll need to see that log later

Afterwards:
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
DO NOT attempt to run it yet
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Sign in with your Normal Account

Also post the new log from Combofix

In addition, post a fresh Hijackthis log and keep me informed how things are now running
Title: Sound not working?
Post by: Krogan on April 12, 2009, 01:34:27 AM
OUCH. . . just figured out that i can't copy paste. . .just another problem to add to my list of stuff wrong. . . Anywho I'll give it a shot tomorrow but i am hoping that my brother can find that copy of XP that i let him use awhile back
Title: Sound not working?
Post by: Krogan on April 12, 2009, 04:15:00 PM
My brother came through for me with that XP disk so i just need to wipe this hard drive. . . any good utilities that will get it completely?
Title: Sound not working?
Post by: guestolo on April 12, 2009, 04:32:31 PM
The XP disk should have everything you need, here's a link to walk you through the clean install
http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html
Title: Sound not working?
Post by: Krogan on April 13, 2009, 11:21:51 PM
OK so install went pretty good :) thx for helping me out guestolo
Title: Sound not working?
Post by: guestolo on April 13, 2009, 11:28:48 PM
Good work, ensure to get an Updated Virus scanner on your computer, scan All external Flash drives,etc.. to ensure they don't have any infected files on them
Let me know how it goes
Title: Sound not working?
Post by: Krogan on April 14, 2009, 12:14:36 AM
First thing i did when i booted up is i updated XP to SP2 and got the Conficker patch and a lot of Microsoft security updates and then AVG Free and scanning everything now. and may i say HOLY CRAP. . . The scan just show like forty tracking cookies lol
Title: Sound not working?
Post by: guestolo on April 16, 2009, 10:24:16 PM
Quote
First thing i did when i booted up is i updated XP to SP2 and got the Conficker patch and a lot of Microsoft security updates and then AVG Free and scanning everything now. and may i say HOLY CRAP. . . The scan just show like forty tracking cookies lol

Darn cookies, as you know, not much to worry about, but I do suggest you do the following
I keep this small program on all my machines

SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically it Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Really great additive protection, with no need to run in the background
Title: Sound not working?
Post by: Krogan on April 16, 2009, 10:29:36 PM
Thx guestolo but the first thing i did was DLed Avast and AVG and I'm probably gonna buy the License thingy for AVG soon
Title: Sound not working?
Post by: guestolo on April 16, 2009, 10:38:21 PM
Damn, please don't run 2 AV's at the same time, you'll probably find a drop in system efficiency
Select which one you like the best, uninstall the other
Imagine having 2 AV's battling over each other, on scanning, no wait I want to scan that, no, it's my turn, I'll scan that, no, me first

You get the idea, you don't need that frustration

Spywareblaster is totally different than an AV software, It's a passive protection, no real time protection
Again, just silently helps to protect you, please read the documentation from the link I supplied
And please only decide on one AntiVirus software, If you want a second opinion, how about once in awhile you do an Online Virus scan with something like BitDefender
P.s> I would stick with Avast, do you know how to schedule it for a weekly Virus scan?
Title: Sound not working?
Post by: Krogan on April 17, 2009, 01:50:55 AM
well i have it set up to where avast scans downloads automatically and AVG does a daily scan and avast does a weekly scan on saturdays. . . i have them set up for different tasks so i don't run into the Conflicting scan thing ya know? also, if I'm surfing the web i turn on the web defender that avast has where it scans the page or whatnot
Title: Sound not working?
Post by: guestolo on April 17, 2009, 10:05:47 PM
Hey, no problem, if you want to run more than one AV, that's your option
Here's a direct quote from Avast
Quote
Q: Should I uninstall other anti-virus programs (Norton Antivirus, McAfee, AVG, Kaspersky Antivirus etc.) before installing avast!?

A: Yes. Using two or more antivirus programs can cause problems and the operating system may become unstable.
From this link
http://www.avast.com/eng/faq-installation-problems.html

But then again, up to you