Author Topic: Sound not working? (Read 1144 times)

Krogan · « **on:** April 11, 2009, 02:32:37 AM »

So for about the past week or so my sound has not been working. I have tried uninstalling the sound driver for my card and reinstalling it, i have tried rebooting, pretty much everything you can google i have googled and tried and it hasnt working.

System specs

2004 HP Pavilion a610n
amd processor 2.1ghz (?)
1.5gb ram
windows xp sp3

Any suggestions or anyone that has had this problem and found a fix for it?

Please help because I just pay $100 for a new surround system for my PC and i don't want that to be a waste of money.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:33 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?gcht=SC&...01676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)
O2 - BHO: (no name) - {4AD4DEF0-7B4F-42F4-A8B6-D0F725C52014} - C:\WINDOWS\system32\efcdcATJ.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jKASIXrS.dll (file missing)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [546d0df0] rundll32.exe "C:\WINDOWS\system32\lgyothyp.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-3901419867-986033703-2805721932-1003\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - S-1-5-21-3901419867-986033703-2805721932-1003 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User '?')
O4 - S-1-5-21-3901419867-986033703-2805721932-1003 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User '?')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: ifwuke.dll
O20 - Winlogon Notify: jKASIXrS - jKASIXrS.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

EDIT: added hijackthis log

guestolo · « **Reply #1 on:** April 11, 2009, 09:59:58 AM »

Download [color=\"#FF0000\"]> ATF Cleaner <[/color] by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Also post a fresh Hijackthis log

Krogan · « **Reply #2 on:** April 11, 2009, 12:25:22 PM »

I downloaded both of those before you replied to my post because i was searching through other threads and saw that that was your solution for alot of problems. I ran the ATF cleaner and it worked but the MBAM ran into a problem.

The error that i got was Runtime error '372'. It said that it failed to load vbalgrid from vbalsgrid6.ocx and that my vbalsgrid6.ocx may be outdated.

also a couple of other problems my PC is having is that my taskbar is not showing applications that i have open and my taskmanager is not showing the Username for the processes that are currently running. Also, my computer is not letting me do a system restore.

I have AVG which you can see from my HIJACKTHIS log and i ran that along with a CONFICKER removal tool and i do not have conficker or any other known viruses.

guestolo · « **Reply #3 on:** April 11, 2009, 12:51:26 PM »

The malware on your computer has probably messed with your permissions

Can you do the following
Download then install >[color=\"#FF0000\"]SubInACL[/color]<[/url]

Afterwards:
Download updateMBperms.bat to your desktop

Ensure you already have SubInACL installed then double click on updateMBperms.bat

A dos-like window will open, allow to run and then try to reinstall Malwarebytes

Krogan · « **Reply #4 on:** April 11, 2009, 01:13:12 PM »

Thanks questolo i am installing SubInAcl right now.

I really hope that i can get this resolved because i don't have a Windows XP cd and i have wayyy to much stuff on my comp to just wipe it for a fresh install.

Krogan · « **Reply #5 on:** April 11, 2009, 01:15:39 PM »

Would not install. Error box popped up and said that Windows Installer Service could not be accessed

guestolo · « **Reply #6 on:** April 11, 2009, 02:10:14 PM »

Download and save to desktop Dial-a-Fix.zip
For an alternate download location you can try HERE

Extract the contents to it's own folder
Open the newly extracted folder
Double click on Dial-a-fix.exe to run it
At the bottom of the main screen, Click the GREEN checkmark
This should select all setting
Then click GO

Ensure date/time is selected properly when prompted, then let the tool continue
When it's done
Reboot the computer

Try Malwarebytes again, if no luck, we'll go a different route

Krogan · « **Reply #7 on:** April 11, 2009, 02:18:54 PM »

Getting ready to reboot but when Dial-a-fix was running it kept telling me that loads of my DLLs were corrupt, missing, or the program couldnt verify their integrity or version.

I will go through the log and post all the errors after i reboot

guestolo · « **Reply #8 on:** April 11, 2009, 02:21:09 PM »

I still want to know if you can run Malwarebytes after reboot

Krogan · « **Reply #9 on:** April 11, 2009, 02:35:40 PM »

same problem as before. . . it says that it cannon load vbalgrid

Also, after the reboot my taskbar didnt show up

guestolo · « **Reply #10 on:** April 11, 2009, 02:44:14 PM »

Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color]
[color=\"#0000FF\"]Link 2[/color]

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

--------------------------------------------------------------------
[color=\"#2E8B57\"]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with some tools[/color]

Double click on Combo-Fix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combo-Fix.txt in your next reply

Krogan · « **Reply #11 on:** April 11, 2009, 03:42:53 PM »

Ok so i ran the program and it restarted my comp and everything and took FOREVER to make the log but here it is.

Also on reboot the taskbar didnt come up and now the appearance of the menu bars on all open applications are Windows classic and properties has no option for a windows xp appearance.

cant find the log

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

IDK but im gonna look around and see if i can find a windows xp disk. . . fresh install will hopefully fix it. . .

Reformatting instructions?

Clean wipe instructions?

Maybe ill switch to Ubuntu or Suse i know i have copies of both but i know that there is issues with the java on linux and also i play starcraft alot so idk

guestolo · « **Reply #12 on:** April 11, 2009, 03:51:21 PM »

Look for a copy of the log here
C:\Combo-Fix.txt

Krogan · « **Reply #13 on:** April 11, 2009, 03:52:32 PM »

ComboFix 09-04-04.01 - Owner 2009-04-11 15:54:39.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\recycler\desktopA.sys
c:\windows\box boat blue.ico
c:\windows\system32\ad020326.de
c:\windows\system32\emudobes.ini
c:\windows\system32\JTAcdcfe.ini
c:\windows\system32\JTAcdcfe.ini2
c:\windows\system32\kjbhlo.dll
c:\windows\system32\mbho.dll
c:\windows\system32\msc020807.de
c:\windows\system32\MSCStat2.exe
c:\windows\system32\pyhtoygl.ini
c:\windows\system32\sebodume.dll
c:\windows\system32\vfohejvs.ini
c:\windows\system32\vusunifo.dll
c:\windows\system32\yamapaso.dll
c:\windows\Sysvxd.exe
c:\windows\Tasks\qnbyuvoi.job
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 15:14 . 2009-04-11 15:14   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-04-11 02:42 . 2009-04-11 02:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-04-11 02:42 . 2009-04-11 02:42   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 02:42 . 2009-04-06 15:32   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 02:42 . 2009-04-06 15:32   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-04-11 02:36 . 2009-04-11 02:36   <DIR>   d--------   c:\program files\Trend Micro
2009-04-08 17:21 . 2009-04-08 17:21   <DIR>   d--------   c:\windows\Sun
2009-04-03 17:10 . 2009-04-11 15:30   2,015,232   --a------   C:\ffastunT.ffl
2009-03-28 11:27 . 2009-03-28 11:27   <DIR>   d--------   c:\program files\Codec Pack - All In 1
2009-03-28 11:27 . 2009-03-28 11:26   737,280   --a------   c:\windows\iun6002.exe
2009-03-25 23:11 . 2009-03-25 23:11   <DIR>   d--h-----   c:\windows\PIF
2009-03-20 02:40 . 2008-10-16 14:06   268,648   --a------   c:\windows\system32\mucltui.dll
2009-03-20 02:40 . 2008-10-16 14:06   208,744   --a------   c:\windows\system32\muweb.dll
2009-03-20 02:40 . 2008-10-16 14:06   27,496   --a------   c:\windows\system32\mucltui.dll.mui
2009-03-19 23:17 . 2009-03-19 23:17   <DIR>   d--------   c:\program files\Microsoft Silverlight
2009-03-18 23:23 . 2009-03-31 16:20   <DIR>   d--------   c:\program files\IrfanView
2009-03-18 01:29 . 2009-03-18 01:29   <DIR>   d--------   c:\program files\Alex Feinman
2009-03-16 18:50 . 2009-03-16 18:50   0   --a------   c:\windows\system32\LexFiles.ulf
2009-03-15 18:50 . 2009-03-15 18:50   65,466   --a------   c:\windows\BricoPackUninst.cmd
2009-03-15 18:49 . 2009-03-15 18:49   3,932,214   --a------   c:\windows\BricoPack Wallpaper.bmp
2009-03-15 18:48 . 2009-03-15 18:50   6,114   --a------   c:\windows\BricoPackFoldersDelete.cmd
2009-03-15 18:47 . 2009-03-15 18:47   <DIR>   d--------   c:\windows\BricoPacks
2009-03-15 01:16 . 2009-03-15 01:16   <DIR>   d--------   c:\program files\Snapshot Viewer
2009-03-11 22:36 . 2009-03-11 22:36   <DIR>   d--------   c:\program files\Hero Editor
2009-03-11 22:36 . 2009-03-11 22:36   249,856   ---------   c:\windows\Setup1.exe
2009-03-11 22:36 . 2009-03-11 22:36   73,216   --a------   c:\windows\ST6UNST.EXE
2009-03-11 19:24 . 2009-03-11 19:24   <DIR>   d--------   c:\documents and settings\Owner\Application Data\SampleView
2009-03-11 19:02 . 2009-03-11 19:02   0   --a------   c:\windows\MSDraw.ini
2009-03-11 18:51 . 2009-03-11 18:53   4   --a------   c:\windows\msoffice.ini
2009-03-11 18:49 . 2008-04-13 19:11   870,784   --a------   c:\windows\system32\ati3d1ag.dll
2009-03-11 18:49 . 2008-04-13 19:11   32,768   --a------   c:\windows\system32\ativtmxx.dll
2009-03-11 18:49 . 2008-04-13 19:12   23,040   --a------   c:\windows\system32\ativmvxx.ax
2009-03-11 18:49 . 2008-04-13 19:12   9,728   --a------   c:\windows\system32\ativdaxx.ax
2009-03-11 18:14 . 2009-03-11 18:14   <DIR>   d--------   c:\program files\LSI SoftModem

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 21:00   ---------   d-----w   c:\program files\Steam
2009-04-11 20:52   34   ----a-w   c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-04-11 20:51   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 4
2009-04-11 07:16   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg7
2009-04-04 17:06   ---------   d-----w   c:\documents and settings\Owner\Application Data\FrostWire
2009-04-02 23:48   ---------   d-----w   c:\documents and settings\Owner\Application Data\AVG7
2009-03-28 04:05   ---------   d-----w   c:\program files\Diablo II
2009-03-19 03:45   ---------   d-----w   c:\program files\Java
2009-03-16 05:57   ---------   d-----w   c:\program files\FrostWire
2009-03-12 00:38   ---------   d-----w   c:\program files\Common Files\AOL
2009-03-12 00:25   ---------   d-----w   c:\program files\WinFlip
2009-03-12 00:14   ---------   d-----w   c:\program files\LimeWire
2009-03-12 00:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL
2009-03-11 23:57   ---------   d-----w   c:\program files\Yahoo!
2009-03-11 23:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-11 23:56   ---------   d-----w   c:\program files\QuickTime
2009-03-11 23:56   ---------   d-----w   c:\program files\HP Instant Support
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\tor
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\Hamachi
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\AOL
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\7100Series
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\Mike\Application Data\AOL
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-11 23:55   ---------   d-----w   c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-11 23:54   ---------   d-----w   c:\program files\Bonjour
2009-03-11 01:25   94,208   ----a-w   c:\windows\DIIUnin.exe
2009-03-11 01:25   2,829   ----a-w   c:\windows\DIIUnin.pif
2009-03-09 23:48   ---------   d-----w   c:\program files\XP Codec Pack
2009-03-09 01:28   5,376   ----a-w   c:\windows\system32\drivers\MS1000.sys
2009-03-07 01:56   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-07 01:55   ---------   d-----w   c:\documents and settings\Owner\Application Data\funkitron
2009-03-07 01:54   ---------   d-----w   c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-07 01:54   ---------   d-----w   c:\program files\Graboid
2009-03-05 02:05   ---------   d-----w   c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-03 05:25   ---------   d-----w   c:\documents and settings\Owner\Application Data\vlc
2009-03-03 01:18   ---------   d-----w   c:\documents and settings\Owner\Application Data\MozillaControl
2009-03-03 01:17   ---------   d-----w   c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-03 01:14   ---------   d-----w   c:\program files\VideoLAN
2009-02-27 06:11   56,320   ----a-w   c:\windows\system32\drivers\UACd.sys
2009-02-27 05:27   90,112   ----a-w   c:\windows\DUMP2e91.tmp
2009-02-24 19:48   ---------   d-----w   c:\documents and settings\LocalService\Application Data\AVG7
2009-02-14 19:56   ---------   d-----w   c:\program files\iTunes
2009-02-14 19:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-14 19:55   ---------   d-----w   c:\program files\iPod
2009-02-14 19:55   ---------   d-----w   c:\program files\Common Files\Apple
2008-02-11 03:04   67,696   ----a-w   c:\program files\mozilla firefox\components\jar50.dll
2008-02-11 03:04   54,376   ----a-w   c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-11 03:04   34,952   ----a-w   c:\program files\mozilla firefox\components\myspell.dll
2008-02-11 03:04   46,720   ----a-w   c:\program files\mozilla firefox\components\spellchk.dll
2008-02-11 03:04   172,144   ----a-w   c:\program files\mozilla firefox\components\xpinstal.dll
2004-09-20 18:49   0   --sha-w   c:\windows\SMINST\HPCD.sys
2008-09-28 08:16   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

------- Sigcheck -------

2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716   c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18   c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18   c:\windows\system32\svchost.exe

2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054   c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036   c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b   c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7   c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-04 02:56 577024 c72661f8552ace7c5c85e16a3cf505c4   c:\windows\$NtUninstallKB890859$\user32.dll
2003-09-25 18:49 560128 32173306185f603e75c477e117f3bb8d   c:\windows\$NtUninstallKB890859_0$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054   c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b   c:\windows\ServicePackFiles\i386\user32.dll
2004-06-17 12:58 560128 31fb2d788a9aa618452c02e8375b6dcd   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b   c:\windows\system32\user32.dll

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2   c:\windows\$NtServicePackUninstall$\ws2_32.dll
2002-08-29 07:00 75264 8529c295df59b564d37a73b5629162b1   c:\windows\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 07:15 70656 3748e0fc8c1b6ada49f98c8e69a4228c   c:\windows\$NtUninstallKB922819_0$\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a   c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a   c:\windows\system32\ws2_32.dll

2004-09-29 13:27 656896 2c07195588d69a067c2afdaa31759295   c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
2005-01-27 12:08 657920 a8eac5330876548e9966a7d13025d196   c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-05-02 15:57 658944 e1e18136f9dd3df1ad9c82193a5898a6   c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
2005-03-10 02:43 657920 c8663b488996e89a84c3d17c1d12b79e   c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-09-02 18:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c   c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-02 21:09 659456 6e533d155b259eb2363d3e04b5be309f   c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-20 22:38 661504 af785c4947676a7fc1673fdc5c8d0b5b   c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-03 22:58 663552 c0845ecbf4f9164e618ee381b79c9032   c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 00:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc   c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 06:25 664576 64ce26db72810b30f7855ea51e1df836   c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 03:31 664576 d207370287cf769aebebf03837784963   c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 10:34 664576 231ef4179acabe486376b5ca893f1076   c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-03-07 12:40 823296 b8f4db39ca7353752f245379d285c80e   c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 04:08 823808 431defbb4a3d7b0dc062c1b064623a2f   c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 09:40 824320 d6ed5e042c5207553e7f5e842918137f   c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 05:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca   c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-10 18:47 825344 0e5d918f87efa7d2424d66b499c7eb04   c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-06 19:44 666112 085a7c37f9c6ede1ba870b7dbec06399   c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-06 21:01 825344 b5b411bb229ae6ead7652a32ed47bfb9   c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-02-16 04:32 666112 bb1eacd6ab47e78ebca02eb781550d55   c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 01:56 666624 2e7de1bf9418b071799eb53de8cc22f5   c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 01:44 666112 2b0c24aa747a93a28987b6d65a4a74bc   c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 01:24 666624 26f240c250e5b4b395cb4b178ba75437   c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-04-22 22:35 827392 41546b396a526918da7995a02ea04e51   c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 11:01 827904 c66402a06b83b036c195242c0c8cf83c   c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 04:08 827904 77c192fe56a70d7fa0247ba0a6201c32   c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2004-08-04 02:56 656384 c0823fc5469663ba63e7db88f9919d70   c:\windows\$NtServicePackUninstall$\wininet.dll
2004-08-04 02:56 656384 c0823fc5469663ba63e7db88f9919d70   c:\windows\$NtUninstallKB834707$\wininet.dll
2004-09-29 13:47 656896 cba65b573c66fe23f647ff96e3a10994   c:\windows\$NtUninstallKB867282$\wininet.dll
2005-03-10 03:02 656896 6f018d6319be4f96426ea829b79e05d5   c:\windows\$NtUninstallKB883939$\wininet.dll
2005-01-27 12:13 656896 b5e043e440b210014e021b24cf0a72e3   c:\windows\$NtUninstallKB890923$\wininet.dll
2005-07-02 21:11 658432 5b5ff992c0fa762ccf8655fc290e6e52   c:\windows\$NtUninstallKB896688$\wininet.dll
2005-05-02 15:52 657920 1a078af3f85d10ba56444c23b3a18e74   c:\windows\$NtUninstallKB896727$\wininet.dll
2005-09-02 18:52 658432 af61ebb1f550175eff406d545d6ab086   c:\windows\$NtUninstallKB905915$\wininet.dll
2005-10-20 22:39 658432 e7b27b6b6e06ce34ea019fd8b858c613   c:\windows\$NtUninstallKB912812$\wininet.dll
2006-03-03 22:33 658432 1c0979c7a489bee573cd0bf4ad94bb06   c:\windows\$NtUninstallKB916281$\wininet.dll
2006-05-10 00:23 658432 38ab7a56f566d9aaad31812494944824   c:\windows\$NtUninstallKB918899$\wininet.dll
2004-01-22 02:16 588288 96e9cbb9f5b7faca709d87f49183ae5f   c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2006-06-23 06:02 658944 2b4db890936430c71419037039502752   c:\windows\$NtUninstallKB922760$\wininet.dll
2006-10-23 10:17 658944 6b2735adff5a5d3b9130ca4a794722f0   c:\windows\$NtUninstallKB925454$\wininet.dll
2006-09-14 03:39 658944 621af3f6174a3f60677f5230e28bcc07   c:\windows\$NtUninstallKB925454_0$\wininet.dll
2004-08-04 02:56 656384 c0823fc5469663ba63e7db88f9919d70   c:\windows\$NtUninstallKB944533$\wininet.dll
2007-12-06 20:07 659456 57d1b5150cf6331fac6b3e04c1fcb966   c:\windows\$NtUninstallKB947864$\wininet.dll
2008-02-16 03:59 659456 0c690e77c0e924c45b4d7045b182fff1   c:\windows\$NtUninstallKB950759$\wininet.dll
2008-04-21 02:04 659456 1efb8a3ea8454aec1bb8a240a2845598   c:\windows\ie7\wininet.dll
2007-03-07 12:45 822784 5b35dae6e4886f64d1da58c4e3e01eb9   c:\windows\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 03:41 822784 0586a7f0b2fdb94d624f399d4728e7c8   c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 09:34 823808 8068cbb58fe60cc95aeb2cff70178208   c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 05:04 824832 774435e499d8e9643ec961a6103c361f   c:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56 824832 30c1e0f34ad2972c72a01db5c74ab065   c:\windows\ie7updates\KB944533-IE7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401   c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-22 23:16 826368 f6589be784647cfdbc22ea51ccb1a57a   c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 11:57 826368 8c13d4a7479fa0a026eda8abce82c0ed   c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 02:24 826368 ef8eba98145bfa44e80d17a3b3453300   c:\windows\ie8\wininet.dll
2009-01-15 02:05 902656 8a11276d3ea94ad90e75ac5856eb1b67   c:\windows\ServicePackFiles\i386\wininet.dll
2008-12-20 18:15 826368 a82935d32d0672e8ff4e91ae398e901c   c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll
2008-12-20 18:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6   c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll
2007-04-18 07:46 665600 4261ba03afd659de04f0a17dfbdd454d   c:\windows\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\sp2qfe\wininet.dll
2009-01-15 02:05 911872 203c05a174a45270a30cdd593092d91e   c:\windows\system32\wininet.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e   c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195   c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4   c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4   c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8   c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48   c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d   c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e   c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9   c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c   c:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9   c:\windows\$NtUninstallKB913446$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c   c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-29 07:00 332928 244a2f9816bc9b593957281ef577d976   c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4   c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733   c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178   c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733   c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d   c:\windows\system32\drivers\tcpip.sys

2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe   c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e   c:\windows\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e   c:\windows\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855   c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0   c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0   c:\windows\system32\drivers\ip6fw.sys

2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002   c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b   c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 11:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d   c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba   c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0   c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283   c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:58 2056832 947fb1d86d14afcffdb54bf837ec25d0   c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
2003-04-24 17:57 1949440 46ae6f2d416c39ffdcfc8bcb01203ea3   c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002   c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002   c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 04:33 2066048 4ac58f03eb94a72809949d757fc39d80   c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61   c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2004-06-17 03:03 1954688 ed0d7a5f1138ccfd3ecaf8f6ac691f13   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntkrnlpa.exe
2008-08-14 04:33 2066048 4ac58f03eb94a72809949d757fc39d80   c:\windows\system32\ntkrnlpa.exe

2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb   c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 11:51 2182016 cef243f6defd20be4adde26c7ecacb54   c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9   c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe   c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c   c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 01:19 2180992 ce218bc7088681faa06633e218596ca7   c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2003-04-24 17:57 1925760 97ec4ab4650da6fc521cf16f8a6ddcb0   c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e   c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 05:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5   c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679   c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2004-06-17 12:22 2051584 f240dc474f8edb2d95514d831df069e5   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntoskrnl.exe
2008-08-14 05:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5   c:\windows\system32\ntoskrnl.exe

2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923   c:\windows\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658   c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87   c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64   c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 975872 561a50497324f378e30f55d09b4e1258   c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4   c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185   c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185   c:\windows\system32\services.exe

2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2   c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85   c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85   c:\windows\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3   c:\windows\system32\ctfmon.exe

2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f   c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788   c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f   c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717   c:\windows\$NtUninstallKB896423$\spoolsv.exe
2002-08-29 07:00 51200 9b4155ba58192d4073082b8fc5d42612   c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b   c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b   c:\windows\system32\spoolsv.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89   c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89   c:\windows\system32\userinit.exe

2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6   c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f   c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f   c:\windows\system32\termsrv.dll

2006-07-05 05:55 984064 d8db5397de07577c1cb50ba6d23b3ad4   c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 05:57 985088 0fdd84928a5dde2510761b7ec76ccec9   c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 11:07 986112 09f7cb3687f86edaa4ca081f7ab66c03   c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d   c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb   c:\windows\$NtUninstallKB917422$\kernel32.dll
2002-08-29 07:00 930304 8f162dc91d67d87c1a481bf602a9dac8   c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 05:55 984064 d8db5397de07577c1cb50ba6d23b3ad4   c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 19:11 989696 c24b983d211c34da8fcc1ac38477971d   c:\windows\ServicePackFiles\i386\kernel32.dll
2004-06-17 12:58 930816 fca73de7b988a2f7837ffbffcfbed088   c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\kernel32.dll
2008-04-13 19:11 989696 c24b983d211c34da8fcc1ac38477971d   c:\windows\system32\kernel32.dll

2004-08-04 02:56 17408 1b5f6923abb450692e9fe0672c897aed   c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 19:12 17408 50a166237a0fa771261275a405646cc0   c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 19:12 17408 50a166237a0fa771261275a405646cc0   c:\windows\system32\powrprof.dll

2004-08-04 02:56 110080 87ca7ce6469577f059297b9d6556d66d   c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 19:11 110080 0da85218e92526972a821587e6a8bf8f   c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 19:11 110080 0da85218e92526972a821587e6a8bf8f   c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Steam"="c:\program files\Steam\Steam.exe" [2009-03-04 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-01 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-13 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 c:\windows\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ifwuke.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Graboid\\GraboidVideo\\1.4.0.0\\DLManager\\GraboidDLManager.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - audstub
*Deregistered* - AVG Anti-Spyware Driver
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - Avg7Core
*Deregistered* - Avg7RsW
*Deregistered* - Avg7RsXP
*Deregistered* - AvgAsCln
*Deregistered* - AvgClean
*Deregistered* - AvgTdi
*Deregistered* - Beep
*Deregistered* - Belkin Wireless USB Network Adapter Service
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Fastfat
*Deregistered* - fasttx2k
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - seclogon
*Deregistered* - SISAGP
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp1
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp

[color=\"RED\"]NETSVCS REQUIRES REPAIRS - current entries shown[/color]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-27 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []

2009-03-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-01-26 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{4AD4DEF0-7B4F-42F4-A8B6-D0F725C52014} - c:\windows\system32\efcdcATJ.dll
HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-MzRamBooster - c:\program files\MzRam\MzRamBooster.exe
HKLM-Run-checktime - c:\program files\HPSelect\Frontend\ct.exe
HKLM-Run-546d0df0 - c:\windows\system32\lgyothyp.dll
HKLM-Run-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
Notify-jKASIXrS - jKASIXrS.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/frostwire?gcht=SC&o=101676&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 15:59:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3901419867-986033703-2805721932-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,14,25,14,4b,c0,cd,9e,ef,53,3a,1e,4f,8c,1e,03,7f,47,f5,51,20,44,b8,
9c,d5,a0,5a,4a,fd,df,51,23,42,b2,39,2f,9e,26,7b,08,05,7b,d7,73,4c,a0,31,eb,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe
c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\program files\Microsoft Office\Office\FINDFAST.EXE
c:\program files\Microsoft Office\Office\OSA.EXE
.
**************************************************************************
.
Completion time: 2009-04-11 16:06:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 21:05:39

Pre-Run: 83,610,857,472 bytes free
Post-Run: 83,531,829,248 bytes free

511   --- E O F ---   2009-03-16 20:01:31

guestolo · « **Reply #14 on:** April 12, 2009, 12:32:33 AM »

Can you try the following:
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color=\"#0000FF\"]
File::
c:\windows\system32\iedkcs32.dll
c:\windows\Tasks\Norton Security Scan.job
c:\windows\system32\lgyothyp.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"!AVG Anti-Spyware"=-
"AVG7_CC"=-
"QuickTime Task"=-
"AlcxMonitor"=-
[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt..
I'll need to see that log later

Afterwards:
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
DO NOT attempt to run it yet
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Sign in with your Normal Account

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
DO NOT attempt to run it yet
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Sign in with your Normal Account

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Also post the new log from Combofix

In addition, post a fresh Hijackthis log and keep me informed how things are now running

Krogan · « **Reply #15 on:** April 12, 2009, 01:34:27 AM »

OUCH. . . just figured out that i cant copy paste. . .just another problem to add to my list of stuff wrong. . . Anywho ill give it a shot tomorrow but i am hoping that my brother can find that copy of XP that i let him use awhile back

Krogan · « **Reply #16 on:** April 12, 2009, 04:15:00 PM »

My brother came through for me with that XP disk so i just need to wipe this harddrive. . . any good utilities that will get it completely?

guestolo · « **Reply #17 on:** April 12, 2009, 04:32:31 PM »

The XP disk should have everything you need, here's a link to walk you through the clean install
http://forums.whatthetech.com/How_Reformat...tem_t91962.html

Krogan · « **Reply #18 on:** April 13, 2009, 11:21:51 PM »

OK so install went pretty good

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> thx for helping me out questolo

guestolo · « **Reply #19 on:** April 13, 2009, 11:28:48 PM »

Good work, ensure to get an Updated Virus scanner on your computer, scan All external Flash drives,etc.. to ensure they don't have any infected files on them
Let me know how it goes

News:

Author Topic: Sound not working? (Read 1144 times)