#1
I've researched and looked into this for ages but I have had no luck whatsoever. But basically I got a virus the other day, it was the Trojan dropper agent.git, it disabled many of my .exe programs as well as my sound. Now I've tried replacing my "sndvol32" file and that hasn't worked. But my sound doesn't work for YouTube, MySpace vids and general embedded videos and I also haven't got a volume icon in the system tray anymore.

http://s30.photobucket.com/albums/c3...rent=Sound.jpg

I've included the link to the picture as that's proof I've got everything checked so it all works. My sound works for Windows Media Player and Real Player, but I have to turn the sound up manually with the "master" volume controls. Anyone able to help? My speaker buttons depend on the "system" tray volume and it's pretty annoying not being able to use my speakers.

Thanks, John.

P.S. I had to edit this as it was moved to the "virus" section, I'd like to state that I've completely removed the virus and now I have a sound problem, rather than a virus problem.

Last edited by Vlindsio : 16-01-2008 at 01:22 PM.
#2
Completely removing this type of virus is usually more than just an antivirus scanner can do. Please go HERE and install Hijackthis and post the log in this thread.
#3
I already have HijackThis. But here's my log anyway:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:11:41, on 16/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\tblmouse.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wt32exe.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\PeaZip\res\7z\7z.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [tblfunc] tblmouse.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe 
NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot O4 - HKLM\..\Run: [prOSeLogin] C:\Program Files\SymplisIT\RecoverMagic\prose.exe /auto O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [APV] C:\Program Files\APV\autostart_and_process_viewer.exe O4 - HKCU\..\Policies\Explorer\Run: [{9C5FA403-07CE-1033-0823-06110406002c}] "C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe" mc-110-12-0002239 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187781780562 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing) O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\Wt32exe.exe O24 - Desktop Component 0: (no name) - http://www.imnotobsessed.com/image/harrybum1.jpg O24 - Desktop Component 1: (no name) - http://www.nvnews.net/images/screens...ulator_x_1.jpg O24 - Desktop Component 2: (no name) - http://www.hostropolis.com/april/potter.jpg -- End of file - 9958 bytes

I would have attached it as a file, but on multiple occasions I was given errors.
#4
Maybe one of them but there are at least two more.

Please download Combofix by sUBs from one of the below links. (Try all three if necessary)

IMPORTANT - Combofix.exe MUST be saved to your Desktop.

The scan will temporarily disable your desktop. If interrupted it may leave your computer frozen. If this occurs, please reboot to restore the desktop.

----------

After combofix is complete and the computer has been restarted run a new Hijackthis scan and post the log.

----------

Next post please add
Combofix log
New Hijackthis log
#5
I've done as you've asked again. I know this is helping me eliminate the virus further, but I believe I have no virus problems anymore, but it's always best to be sure. A problem I'm more concerned about is the fact I have no sound, which was caused by the virus as it latched itself onto a few '.exe' files which means they had to be removed, which means those files had to be deleted, causing the sound to not function anymore, well that's my prognosis on what happened, unless I'm wrong lol. I shall post my logs in a sec, but I'd also like to say, I've updated my drivers and replaced my "sndvol32" but my sound isn't working still with embedded videos and I still have no speaker icon/volume control in my system tray. My logs follow:

ComboFix 08-01-17.3 - Administrator 2008-01-17 0:59:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1541 [GMT 0:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-16 17:10 . 2008-01-16 17:10 <DIR> d-------- C:\Program Files\PeaZip 2008-01-16 13:10 . 2008-01-16 13:12 4,566 --a------ C:\WINDOWS\imsins.BAK 2008-01-16 12:55 . 2008-01-16 12:55 <DIR> d-------- C:\Program Files\Norton Security Scan 2008-01-15 18:12 . 2008-01-15 18:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-01-15 18:12 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-01-15 18:12 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-01-15 03:30 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2008-01-15 03:27 . 2008-01-15 03:27 <DIR> d-------- C:\Program Files\Realtek AC97 2008-01-15 02:33 . 2008-01-15 02:33 <DIR> d-------- C:\Program Files\PC Wizard 2008 2008-01-15 02:33 .
2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl 2008-01-15 00:35 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys 2008-01-15 00:24 . 2008-01-15 00:24 <DIR> d-------- C:\Program Files\VIA Technologies, INC 2008-01-15 00:20 . 2008-01-15 00:20 <DIR> d-------- C:\Program Files\Driver Wizard 2008-01-15 00:20 . 2001-09-22 10:16 4,016 --a------ C:\WINDOWS\system32\zlportio.sys 2008-01-15 00:19 . 2003-09-08 14:08 53,760 --a------ C:\WINDOWS\uninst62.exe 2008-01-15 00:11 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss 2008-01-15 00:10 . 2008-01-15 00:10 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-01-15 00:10 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe 2008-01-14 23:06 . 2008-01-14 23:24 <DIR> d-------- C:\Program Files\SymplisIT 2008-01-14 16:56 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe 2008-01-14 16:56 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys 2008-01-14 16:56 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe 2008-01-14 16:56 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe 2008-01-14 16:56 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav 2008-01-14 15:32 . 2008-01-16 13:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-14 15:32 . 2008-01-14 15:32 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-13 23:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 20:27 . 2008-01-13 20:27 <DIR> d-------- C:\Program Files\CCleaner 2008-01-13 16:43 . 2008-01-13 22:29 <DIR> d-------- C:\WINDOWS\system32\pe2 2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\WINDOWS\system32\ka8 2008-01-13 16:43 . 2008-01-14 09:12 <DIR> d-------- C:\WINDOWS\system32\edcA16 2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\Temp\Ryuan1 2008-01-13 16:43 . 2008-01-13 16:43 352,410 --a------ C:\WINDOWS\system32\ope14C.exe 2008-01-13 16:43 . 
2008-01-13 16:43 111,835 --a------ C:\WINDOWS\system32\ope153.exe 2008-01-13 16:43 . 2008-01-13 16:43 0 --a------ C:\WINDOWS\system32\ope153.tmp 2008-01-13 16:43 . 2008-01-13 16:43 0 --a------ C:\WINDOWS\system32\ope14C.tmp 2008-01-13 16:43 . 2008-01-13 16:43 0 --a------ C:\WINDOWS\ope151.tmp 2008-01-13 16:29 . 2008-01-13 16:39 <DIR> d-------- C:\Program Files\RegFix Mantra 2008-01-13 16:29 . 2008-01-13 16:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-01-09 18:27 . 2008-01-09 18:27 <DIR> d-------- C:\Fraps 2008-01-09 18:27 . 2008-01-09 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-08 19:09 . 2008-01-08 19:09 5,760,054 --a------ C:\WINDOWS\AW_XenoMorph1600.bmp 2008-01-07 07:53 . 2008-01-08 05:29 <DIR> d-------- C:\Program Files\thriXXX 2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Oxin's Style! 2008-01-07 00:21 . 2008-01-08 19:04 <DIR> d-------- C:\pebuilder3110a 2008-01-07 00:18 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL 2008-01-07 00:18 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL 2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro 2008-01-06 16:30 . 2008-01-06 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-01-06 16:29 . 2008-01-06 16:32 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-01-06 16:27 . 2008-01-06 16:27 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-01-06 16:27 . 2008-01-06 16:27 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-01-06 16:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-06 16:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-01-06 16:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-06 16:26 . 
2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2008-01-06 16:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-06 16:26 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2008-01-06 16:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-01-06 16:26 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2008-01-06 16:26 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2008-01-04 13:09 . 2008-01-04 13:09 <DIR> d-------- C:\Program Files\Two Worlds 2007-12-26 11:30 . 2007-12-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-26 11:28 . 2005-08-11 16:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl 2007-12-25 22:10 . 2007-12-26 01:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM 2007-12-25 22:10 . 2007-12-25 22:10 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-25 22:07 . 2007-12-26 02:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype 2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Program Files\Skype 2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2008-01-16 23:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2008-01-16 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-01-16 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-01-16 00:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2008-01-15 05:25 --------- d-----w C:\Program Files\Morpheus 2008-01-15 01:08 --------- d-----w C:\Program Files\Java 2008-01-15 00:10 --------- d-----w C:\Program Files\Realtek 2008-01-14 23:50 --------- d-----w C:\Program Files\APV 2008-01-14 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-14 15:31 --------- d-----w C:\Program Files\QuickTime 2008-01-14 15:31 --------- d-----w C:\Program Files\iTunes 2008-01-14 15:31 --------- d-----w C:\Program Files\iPod 2008-01-14 01:48 --------- d-----w C:\Program Files\uTorrent 2008-01-13 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-13 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-13 17:11 --------- d-----w C:\Program Files\Zune 2008-01-13 17:11 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories 2008-01-12 20:43 --------- d-----w C:\Program Files\AAAAAAAAAAAA 2008-01-04 13:19 --------- d-----w C:\Program Files\Reality Pump 2007-12-30 14:53 --------- d-----w C:\Program Files\stalker 2007-12-29 00:34 --------- d-----w C:\Program Files\The Creative Assembly 2007-12-26 11:28 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-20 18:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys 2007-12-20 16:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe 2007-12-18 14:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files 2007-12-14 12:08 --------- d-----w C:\Program Files\LimeWire 2007-12-09 08:15 --------- 
d-----w C:\Program Files\ImTOO 2007-12-05 01:50 --------- d-----w C:\Program Files\Wings Over Vietnam 2007-12-05 01:46 --------- d-----w C:\Program Files\wov 2007-12-05 01:44 --------- d-----w C:\Program Files\Battlefront 2007-12-04 07:48 --------- d-----w C:\Program Files\LucasArts 2007-12-01 17:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire 2007-12-01 16:35 --------- d-----w C:\Program Files\Call of Duty 2007-12-01 16:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-01 16:21 --------- d-s---w C:\Program Files\Xfire 2007-12-01 03:11 --------- d-----w C:\Program Files\SEGA 2007-11-30 03:34 --------- d-----w C:\Program Files\Common Files\snpstd3 2007-11-29 17:44 --------- d-----w C:\Program Files\BFV 2007-11-29 16:43 4 ----a-w C:\loadcounter.dat 2007-11-29 04:34 --------- d-----w C:\Program Files\Common Files\xing shared 2007-11-29 04:34 --------- d-----w C:\Program Files\Common Files\Real 2007-11-28 21:37 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_010 05.Wdf 2007-11-28 03:03 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor 2007-11-28 03:01 --------- d-----w C:\Program Files\ElcomSoft 2007-11-23 15:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll 2007-11-20 18:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe 2007-11-17 22:54 --------- d-----w C:\Program Files\Motorola Phone Tools 2007-11-17 22:52 --------- d-----w C:\Program Files\LiveUpdate 2007-11-17 21:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sierra Entertainment 2007-11-17 20:51 --------- d-----w C:\Program Files\AGEIA Technologies 2007-11-17 20:40 --------- d-----w C:\Program Files\Sierra Entertainment 2007-11-15 21:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll 2007-11-15 21:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll 2007-11-15 21:51 59,296 
----a-w C:\WINDOWS\system32\ZuneBusEnum.exe 2007-11-15 21:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll 2007-11-15 21:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe 2007-11-15 21:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll 2007-11-10 15:35 399,872 ----a-w C:\openmp3.exe 2007-11-07 17:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-27 20:30 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-10-27 20:30 282,624 ----a-r C:\WINDOWS\Setup1.exe 2007-10-27 20:27 102,400 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL 2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-18 13:09 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll 2007-04-14 01:01 92,064 ----a-w C:\Documents and Settings\Administrator\mqdmmdm.sys 2007-04-14 01:01 9,232 ----a-w C:\Documents and Settings\Administrator\mqdmmdfl.sys 2007-04-14 01:01 79,328 ----a-w C:\Documents and Settings\Administrator\mqdmserd.sys 2007-04-14 01:01 66,656 ----a-w C:\Documents and Settings\Administrator\mqdmbus.sys 2007-04-14 01:01 6,208 ----a-w C:\Documents and Settings\Administrator\mqdmcmnt.sys 2007-04-14 01:01 5,936 ----a-w C:\Documents and Settings\Administrator\mqdmwhnt.sys 2007-04-14 01:01 4,048 ----a-w C:\Documents and Settings\Administrator\mqdmcr.sys 2007-04-14 01:01 25,600 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys 2007-04-14 01:01 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys . Code: <pre> ----a-w 411,648 2008-01-13 23:05:49 C:Program FilesGrisoftAVG7avgcc .exe </pre> . 
- 2006-05-04 08:26:36 2,808,832 ----a-r C:\WINDOWS\ALCWZRD.EXE + 2006-05-04 16:26:36 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe - 2008-01-13 23:46:17 1,265,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat + 2008-01-17 00:59:46 1,265,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat - 2008-01-13 23:46:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-17 00:59:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-13 23:46:17 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat + 2008-01-17 00:59:46 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat - 2008-01-13 23:46:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-17 00:59:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-13 23:46:17 9,129,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat + 2008-01-17 00:59:46 9,154,560 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat - 2008-01-13 23:46:17 667,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-17 00:59:46 679,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-14 23:24:55 13,382 ----a-r C:\WINDOWS\Installer\{1798F085-3E0B-492A-B012-F30A35288394}\ARPPRODUCTICON.exe + 2008-01-14 23:24:55 13,382 ----a-r C:\WINDOWS\Installer\{1798F085-3E0B-492A-B012-F30A35288394}\New_Shortcut_S3375.exe + 2008-01-14 23:24:55 53,248 ----a-r C:\WINDOWS\Installer\{1798F085-3E0B-492A-B012-F30A35288394}\NewShortcut4.exe + 2008-01-14 23:24:55 53,248 ----a-r C:\WINDOWS\Installer\{1798F085-3E0B-492A-B012-F30A35288394}\NewShortcut5.exe + 2008-01-14 15:32:02 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe + 2008-01-14 23:06:46 13,382 ----a-r C:\WINDOWS\Installer\{5BEB2F46-3723-47CF-BF7F-39C453B9D977}\New_Shortcut_S3375.exe - 2007-10-16 15:02:39 27,136 ----a-r 
C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe + 2008-01-14 01:44:18 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe + 2008-01-16 12:55:41 55,296 ----a-r C:\WINDOWS\Installer\{DA15D535-5E1D-4076-B520-8571346D6238}\Icon666CF0411.exe - 1998-10-29 16:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe + 2003-06-18 16:48:00 306,688 ----a-w C:\WINDOWS\IsUninst.exe - 2006-03-10 11:32:38 2,158,592 ----a-r C:\WINDOWS\MicCal.exe + 2007-06-28 16:44:14 2,165,760 ----a-w C:\WINDOWS\MicCal.exe - 2006-05-04 08:35:14 9,709,568 ----a-r C:\WINDOWS\RTLCPL.EXE + 2007-03-23 19:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe - 2005-04-16 14:20:00 487,424 ------r C:\WINDOWS\RtlExUpd.dll + 2007-07-26 17:09:20 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll - 2006-05-04 08:22:02 86,016 ----a-r C:\WINDOWS\SOUNDMAN.EXE + 2007-04-16 15:28:22 577,536 ----a-w C:\WINDOWS\soundman.exe - 2005-07-15 08:48:00 40,960 ----a-r C:\WINDOWS\system32\ChCfg.exe + 2006-08-01 15:02:00 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe - 2004-08-04 01:07:00 138,752 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe + 2003-03-31 07:00:00 138,752 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe + 2002-04-01 14:42:14 19,072 -c--a-w C:\WINDOWS\system32\dllcache\usbehci.sys - 2004-08-04 01:07:00 26,624 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys + 2002-04-01 14:42:14 19,072 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys - 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2007-12-14 00:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-12-14 00:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-12-14 01:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-08-07 17:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\swdir.dll + 2008-01-07 11:26:46 181,672 
----a-w C:\WINDOWS\system32\Macromed\Director\swdir.dll
- 2007-08-07 17:21:02 55,272 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
+ 2008-01-07 11:27:04 54,696 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
+ 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
+ 2008-01-16 12:53:27 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-08-07 13:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-01-03 18:19:34 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
- 2007-08-07 13:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2008-01-03 18:01:46 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
- 2007-08-07 13:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-01-03 18:20:14 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
- 2007-08-07 16:52:32 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2008-01-03 18:39:06 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
- 2007-08-07 13:08:48 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2008-01-03 17:46:46 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
- 2007-08-07 13:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2008-01-03 17:59:14 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
- 2007-08-07 13:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-01-03 18:18:56 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-08-07 13:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-01-03 18:19:06 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-08-07 13:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-01-03 18:11:48 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-01-07 11:26:28 390,568 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1030024.exe
- 2007-08-07 13:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-01-03 18:22:06 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
- 2007-08-07 13:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2008-01-03 18:18:50 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
- 2007-08-07 13:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-01-03 18:22:08 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2007-08-07 13:08:46 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 2008-01-03 17:46:44 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
- 2007-12-02 03:02:29 62,490 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-16 13:23:20 62,490 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-02 03:02:29 400,954 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-16 13:23:20 400,954 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-05-04 08:26:36 2,808,832 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\ALCWZRD.EXE
+ 2004-08-03 23:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\drmk.sys
+ 2004-08-03 23:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\ks.sys
+ 2004-08-04 00:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\ksuser.dll
+ 2004-03-16 10:58:20 136,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\portcls.sys
+ 2004-08-03 23:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\stream.sys
+ 2006-03-10 11:32:38 2,158,592 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\MicCal.exe
+ 2006-05-24 05:53:00 266,240 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RTCOMDLL.dll
+ 2006-06-01 08:48:00 16,208,384 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RTHDCPL.EXE
+ 2006-06-06 04:09:26 4,284,928 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RtkHDAud.sys
+ 2005-10-31 10:17:38 135,168 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RTLCPAPI.dll
+ 2006-05-04 08:35:14 9,709,568 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RTLCPL.EXE
+ 2006-03-09 09:45:20 364,544 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\RtlUpd.exe
+ 2006-05-16 10:04:26 2,879,488 ----a-r C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\SkyTel.exe
+ 2006-06-21 05:42:44 577,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\SOUNDMAN.EXE
+ 2004-08-04 01:07:00 7,168 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\hccoin.dll
+ 2004-08-04 01:07:00 26,624 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\usbehci.sys
+ 2004-08-04 01:07:00 57,600 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\usbhub.sys
+ 2004-08-04 01:07:00 142,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\usbport.sys
+ 2004-08-04 00:56:48 74,240 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\usbui.dll
+ 2004-08-03 23:07:48 68,224 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\pci.sys
- 2006-05-24 05:53:00 266,240 ----a-r C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll
+ 2007-11-19 17:12:58 262,144 ----a-w C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll
- 2005-10-31 10:17:38 135,168 ----a-r C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll
+ 2007-03-07 14:59:30 131,072 ----a-w C:\WINDOWS\system32\RTCOM\RtlCPAPI.dll
- 2004-08-04 01:07:00 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2003-03-31 07:00:00 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2001-09-05 16:05:16 45,568 ----a-w C:\WINDOWS\system32\symplisc.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [ ]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-14 01:48 219952]
"APV"="C:\Program Files\APV\autostart_and_process_viewer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tblfunc"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [ ]
"prOSeLogin"="C:\Program Files\SymplisIT\RecoverMagic\prose.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 23:05 219136]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-01-02 18:33:03]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 02:35:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{9C5FA403-07CE-1033-0823-06110406002c}"= "C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe" mc-110-12-0002239

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 13:15]
R3 cdiport;cdiport;C:\WINDOWS\system32\DRIVERS\cdiport.sys [2004-04-27 10:22]
R3 WinMTBus;WinMount Bus;C:\WINDOWS\system32\DRIVERS\WinMTBus.sys [2007-04-11 11:35]
S0 nullcd;nullcd;C:\WINDOWS\system32\Drivers\nullcd.sys []
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 nenum13E;nenum13E;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nenum13E.sys []
S3 tablet;Serial Tablet Driver;C:\WINDOWS\system32\DRIVERS\tablet.sys [2000-06-07 17:50]
S3 tbfilter;Tablet Filter Driver;C:\WINDOWS\system32\DRIVERS\tbfilter.sys [2000-06-07 15:13]
S3 zlportio;ZLPORTIO - Allow user access to I/O ports;C:\WINDOWS\system32\zlportio.sys [2001-09-22 10:16]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b53-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5a-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5c-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5e-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - J:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 14:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 12:55:42 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 01:04:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.
Completion time: 2008-01-17 1:04:43
ComboFix-quarantined-files.txt 2008-01-17 01:04:41
ComboFix2.txt 2008-01-14 23:59:55
.
2008-01-09 03:02:45 --- E O F ---

My second log will be posted in another reply. |
|
#6
| ||||
| ||||
| My second log:

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15:06, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tblmouse.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wt32exe.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [prOSeLogin] C:\Program Files\SymplisIT\RecoverMagic\prose.exe /auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [APV] C:\Program Files\APV\autostart_and_process_viewer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{9C5FA403-07CE-1033-0823-06110406002c}] "C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe" mc-110-12-0002239
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187781780562
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\Wt32exe.exe
O24 - Desktop Component 0: (no name) - http://www.imnotobsessed.com/image/harrybum1.jpg
O24 - Desktop Component 1: (no name) - http://www.nvnews.net/images/screens...ulator_x_1.jpg
O24 - Desktop Component 2: (no name) - http://www.hostropolis.com/april/potter.jpg

-- End of file - 9695 bytes |
|
#7
| ||||
| ||||
| P.S. Evilfantasy, thank you very much for the help you're giving me by the way, very much appreciated. |
|
#8
| ||||
| ||||
I'm not here to preach by any means, but if you use torrents to download you will eventually be buying a new computer, or many parts to replace the ones destroyed by the extra junk the downloads contain.
---------------
Open HijackThis and select Do a system scan only then place a check mark next to:

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL << Unless you use the Morpheus Toolbar
O4 - HKCU\..\Run: [APV] C:\Program Files\APV\autostart_and_process_viewer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{9C5FA403-07CE-1033-0823-06110406002c}] "C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe" mc-110-12-0002239
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Close all windows except for HijackThis and click Fix checked
Exit Hijackthis.
---------------
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
-----------------------------------------
RenV::
C:\Program Files\Grisoft\AVG7\avgcc .exe

File::
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe
-----------------------------------------
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.
---------------
Next post Combofix log |
|
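A first-pass triage of the kind of HijackThis entries singled out in the post above, as an added example that is not part of the original thread. The sample lines are copied from the log posted here; the three rules and the names `triage` and `Finding` are assumptions made for this illustration, not HijackThis or ComboFix functionality.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reasons: list  # names of the rules that matched
    entry: str     # entry text after the section code


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{9C5FA403-07CE-1033-0823-06110406002c}] "C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe" mc-110-12-0002239
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
"""

# "<section code> - <entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Entry whose target file is gone: left over from an uninstall or a cleanup.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# A directory in the path named like a CLSID, e.g. ...\{9C5F...}\Update.exe
GUID_DIR_RE = re.compile(
    r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\"
)


def triage(log_text):
    """Return the entries that match at least one review rule."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header or running-process line, not a numbered entry
        section, body = match.groups()
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        # Autostart under Policies\Explorer\Run instead of the usual Run key.
        if section == "O4" and "\\policies\\explorer\\run:" in body.lower():
            reasons.append("policies-run")
        if GUID_DIR_RE.search(body):
            reasons.append("guid-dir")
        if reasons:
            findings.append(Finding(section, reasons, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, ",".join(finding.reasons), "|", finding.entry)
```

The helper's list also contains the `[APV]` autostart and the Morpheus search hook, which none of these rules match; the rules shorten the list a reviewer reads first and do not replace reading the whole log.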
#9
| ||||
| ||||
| Haha, I don't feel so bad now =D. Here's my next log, although my sound situation remains the same:

ComboFix 08-01-17.3 - Administrator 2008-01-17 2:14:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1617 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Program Files\Common Files\{9C5FA403-07CE-1033-0823-06110406002c}\Update.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-16 17:10 . 2008-01-16 17:10 <DIR> d-------- C:\Program Files\PeaZip
2008-01-16 13:10 . 2008-01-16 13:12 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-01-16 12:55 . 2008-01-16 12:55 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-15 18:12 . 2008-01-15 18:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-15 18:12 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-15 18:12 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-15 03:30 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-15 03:27 . 2008-01-15 03:27 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-15 02:33 . 2008-01-15 02:33 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-01-15 02:33 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-01-15 00:35 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-01-15 00:24 . 2008-01-15 00:24 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-01-15 00:20 . 2008-01-15 00:20 <DIR> d-------- C:\Program Files\Driver Wizard
2008-01-15 00:20 . 2001-09-22 10:16 4,016 --a------ C:\WINDOWS\system32\zlportio.sys
2008-01-15 00:19 . 2003-09-08 14:08 53,760 --a------ C:\WINDOWS\uninst62.exe
2008-01-15 00:11 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-01-15 00:10 . 2008-01-15 00:10 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-01-15 00:10 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-01-14 23:06 . 2008-01-14 23:24 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-14 16:56 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-14 16:56 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 16:56 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-14 16:56 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe
2008-01-14 16:56 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-14 15:32 . 2008-01-17 01:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 15:32 . 2008-01-14 15:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 23:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:27 . 2008-01-13 20:27 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 16:43 . 2008-01-13 22:29 <DIR> d-------- C:\WINDOWS\system32\pe2
2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\WINDOWS\system32\ka8
2008-01-13 16:43 . 2008-01-14 09:12 <DIR> d-------- C:\WINDOWS\system |