  #16  
Old 16th Jan 2008, 09:44 PM
evilfantasy
Moderator Group
Join Date: 15th Jul 2007
Posts: 5,338
Odd sound problem

I need the log from post #10 http://www.thecomputerforums.co.uk/f...203/#post53097
Last edited by evilfantasy : 16th Jan 2008 at 09:44 PM.
  #17  
Old 16th Jan 2008, 10:04 PM
Vlindsio
Member Group
Join Date: 16th Jan 2008
Posts: 26

Okay, that's been done.

ComboFix 08-01-17.3 - Administrator 2008-01-17 5:58:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1359 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFscript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\ope151.tmp
C:\WINDOWS\system32\ope14C.exe
C:\WINDOWS\system32\ope14C.tmp
C:\WINDOWS\system32\ope153.exe
C:\WINDOWS\system32\ope153.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\Ryuan1
C:\Temp\Ryuan1\tepU.log
C:\WINDOWS\imsins.BAK
C:\WINDOWS\ope151.tmp
C:\WINDOWS\system32\edcA16
C:\WINDOWS\system32\ka8
C:\WINDOWS\system32\ka8\tycodllz83122.exe
C:\WINDOWS\system32\ope14C.exe
C:\WINDOWS\system32\ope14C.tmp
C:\WINDOWS\system32\ope153.exe
C:\WINDOWS\system32\ope153.tmp
C:\WINDOWS\system32\pe2
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-17 04:19 . 2008-01-17 04:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-17 03:55 . 2008-01-17 03:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-17 03:55 . 2008-01-17 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-17 03:55 . 2008-01-17 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-16 17:10 . 2008-01-16 17:10 <DIR> d-------- C:\Program Files\PeaZip
2008-01-16 12:55 . 2008-01-16 12:55 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-15 18:12 . 2008-01-15 18:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-15 18:12 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-15 18:12 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-15 03:30 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-15 03:27 . 2008-01-15 03:27 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-15 02:33 . 2008-01-15 02:33 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-01-15 02:33 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-01-15 00:35 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-01-15 00:24 . 2008-01-15 00:24 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-01-15 00:20 . 2008-01-15 00:20 <DIR> d-------- C:\Program Files\Driver Wizard
2008-01-15 00:20 . 2001-09-22 10:16 4,016 --a------ C:\WINDOWS\system32\zlportio.sys
2008-01-15 00:19 . 2003-09-08 14:08 53,760 --a------ C:\WINDOWS\uninst62.exe
2008-01-15 00:11 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-01-15 00:10 . 2008-01-15 00:10 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-01-15 00:10 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-01-14 23:06 . 2008-01-14 23:24 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-14 16:56 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-14 16:56 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 16:56 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-14 16:56 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe
2008-01-14 16:56 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-14 15:32 . 2008-01-17 02:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 15:32 . 2008-01-14 15:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 23:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:27 . 2008-01-13 20:27 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 16:29 . 2008-01-13 16:39 <DIR> d-------- C:\Program Files\RegFix Mantra
2008-01-13 16:29 . 2008-01-13 16:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-09 18:27 . 2008-01-09 18:27 <DIR> d-------- C:\Fraps
2008-01-09 18:27 . 2008-01-09 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 19:09 . 2008-01-08 19:09 5,760,054 --a------ C:\WINDOWS\AW_XenoMorph1600.bmp
2008-01-07 07:53 . 2008-01-08 05:29 <DIR> d-------- C:\Program Files\thriXXX
2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Oxin's Style!
2008-01-07 00:21 . 2008-01-08 19:04 <DIR> d-------- C:\pebuilder3110a
2008-01-07 00:18 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2008-01-07 00:18 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-01-06 16:30 . 2008-01-06 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-06 16:29 . 2008-01-06 16:32 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-06 16:27 . 2008-01-06 16:27 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-06 16:27 . 2008-01-06 16:27 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-06 16:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-06 16:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-06 16:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-06 16:26 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-06 16:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-06 16:26 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-06 16:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-06 16:26 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-06 16:26 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-04 13:09 . 2008-01-04 13:09 <DIR> d-------- C:\Program Files\Two Worlds
2007-12-26 11:30 . 2007-12-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-26 11:28 . 2005-08-11 16:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-25 22:10 . 2007-12-26 01:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2007-12-25 22:10 . 2007-12-25 22:10 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-25 22:07 . 2007-12-26 02:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Program Files\Skype
2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 03:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-17 02:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-17 01:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-16 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-15 05:25 --------- d-----w C:\Program Files\Morpheus
2008-01-15 01:08 --------- d-----w C:\Program Files\Java
2008-01-15 00:10 --------- d-----w C:\Program Files\Realtek
2008-01-14 23:50 --------- d-----w C:\Program Files\APV
2008-01-14 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 15:31 --------- d-----w C:\Program Files\QuickTime
2008-01-14 15:31 --------- d-----w C:\Program Files\iTunes
2008-01-14 15:31 --------- d-----w C:\Program Files\iPod
2008-01-14 01:48 --------- d-----w C:\Program Files\uTorrent
2008-01-13 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 17:11 --------- d-----w C:\Program Files\Zune
2008-01-13 17:11 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2008-01-12 20:43 --------- d-----w C:\Program Files\AAAAAAAAAAAA
2008-01-04 13:19 --------- d-----w C:\Program Files\Reality Pump
2007-12-30 14:53 --------- d-----w C:\Program Files\stalker
2007-12-29 00:34 --------- d-----w C:\Program Files\The Creative Assembly
2007-12-26 11:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 18:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-12-20 16:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-12-18 14:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files
2007-12-14 12:08 --------- d-----w C:\Program Files\LimeWire
2007-12-09 08:15 --------- d-----w C:\Program Files\ImTOO
2007-12-05 01:50 --------- d-----w C:\Program Files\Wings Over Vietnam
2007-12-05 01:46 --------- d-----w C:\Program Files\wov
2007-12-05 01:44 --------- d-----w C:\Program Files\Battlefront
2007-12-04 07:48 --------- d-----w C:\Program Files\LucasArts
2007-12-01 17:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2007-12-01 16:35 --------- d-----w C:\Program Files\Call of Duty
2007-12-01 16:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-01 16:21 --------- d-s---w C:\Program Files\Xfire
2007-12-01 03:11 --------- d-----w C:\Program Files\SEGA
2007-11-30 03:34 --------- d-----w C:\Program Files\Common Files\snpstd3
2007-11-29 17:44 --------- d-----w C:\Program Files\BFV
2007-11-29 16:43 4 ----a-w C:\loadcounter.dat
2007-11-29 04:34 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-29 04:34 --------- d-----w C:\Program Files\Common Files\Real
2007-11-28 21:37 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-28 03:03 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor
2007-11-28 03:01 --------- d-----w C:\Program Files\ElcomSoft
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-20 18:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-11-17 22:54 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-17 22:52 --------- d-----w C:\Program Files\LiveUpdate
2007-11-17 21:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sierra Entertainment
2007-11-17 20:51 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-17 20:40 --------- d-----w C:\Program Files\Sierra Entertainment
2007-11-15 21:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-15 21:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-15 21:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-15 21:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-15 21:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-15 21:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-10 15:35 399,872 ----a-w C:\openmp3.exe
2007-11-07 17:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 20:30 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-27 20:30 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-10-27 20:27 102,400 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 13:09 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-04-14 01:01 92,064 ----a-w C:\Documents and Settings\Administrator\mqdmmdm.sys
2007-04-14 01:01 9,232 ----a-w C:\Documents and Settings\Administrator\mqdmmdfl.sys
2007-04-14 01:01 79,328 ----a-w C:\Documents and Settings\Administrator\mqdmserd.sys
2007-04-14 01:01 66,656 ----a-w C:\Documents and Settings\Administrator\mqdmbus.sys
2007-04-14 01:01 6,208 ----a-w C:\Documents and Settings\Administrator\mqdmcmnt.sys
2007-04-14 01:01 5,936 ----a-w C:\Documents and Settings\Administrator\mqdmwhnt.sys
2007-04-14 01:01 4,048 ----a-w C:\Documents and Settings\Administrator\mqdmcr.sys
2007-04-14 01:01 25,600 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2007-04-14 01:01 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot_2008-01-17_ 1.04.24.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-07 16:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 16:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 16:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
- 2008-01-17 00:59:46 1,265,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-17 05:58:46 1,265,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-17 00:59:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 05:58:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 00:59:46 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-17 05:58:46 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-17 00:59:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 05:58:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 00:59:46 9,154,560 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 05:58:46 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 00:59:46 679,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 05:58:46 679,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 03:55:07 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-17 03:55:07 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-17 03:55:07 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [ ]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-14 01:48 219952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tblfunc"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [ ]
"prOSeLogin"="C:\Program Files\SymplisIT\RecoverMagic\prose.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 23:05 219136]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-01-02 18:33:03]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 02:35:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 13:15]
R3 cdiport;cdiport;C:\WINDOWS\system32\DRIVERS\cdiport.sys [2004-04-27 10:22]
R3 WinMTBus;WinMount Bus;C:\WINDOWS\system32\DRIVERS\WinMTBus.sys [2007-04-11 11:35]
S0 nullcd;nullcd;C:\WINDOWS\system32\Drivers\nullcd.sys []
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 nenum13E;nenum13E;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nenum13E.sys []
S3 tablet;Serial Tablet Driver;C:\WINDOWS\system32\DRIVERS\tablet.sys [2000-06-07 17:50]
S3 tbfilter;Tablet Filter Driver;C:\WINDOWS\system32\DRIVERS\tbfilter.sys [2000-06-07 15:13]
S3 zlportio;ZLPORTIO - Allow user access to I/O ports;C:\WINDOWS\system32\zlportio.sys [2001-09-22 10:16]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b53-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5a-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5c-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78259b5e-685d-11dc-84c6-00138fd8e62c}]
\Shell\AutoRun\command - J:\setup.exe
*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 14:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 12:55:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 06:02:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 6:03:06
ComboFix-quarantined-files.txt 2008-01-17 06:03:05
ComboFix2.txt 2008-01-17 02:19:37
ComboFix3.txt 2008-01-17 01:04:44
ComboFix4.txt 2008-01-14 23:59:55
.
2008-01-09 03:02:45 --- E O F ---


What's next?
  #18  
Old 16th Jan 2008, 10:11 PM
evilfantasy

As for the sound problem, have you checked the Device Manager, or tried reinstalling the drivers?


Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply

Next post
Dr. Web CureIt log
  #19  
Old 16th Jan 2008, 10:43 PM
Vlindsio

Yeah, I've checked the drivers and reinstalled them and I've checked the device manager, but still no sound...

I tried that Dr. Web CureIt and it kept having problems and closing.
As in, Dr. Web CureIt encountered an error, the "send or don't send" kind of error.

I may have to leave this until a little later on today, as it's 7AMish here and I haven't slept yet.

Speak soon.
  #20  
Old 16th Jan 2008, 10:52 PM
evilfantasy

OK, tomorrow when you have time run this online scan. It will take a while to complete. It will let us know exactly how much more malware is left, if any.

Use the Kaspersky Online Scanner
  • Click Accept.
  • Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information on the report.


To obtain the report:
Click on: Save Report As... (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please attach the Kaspersky Online Scanner Report in your next post.

Next post
Kaspersky log
Last edited by evilfantasy : 16th Jan 2008 at 10:53 PM.
  #21  
Old 17th Jan 2008, 01:05 PM
Vlindsio

I'm back again.
Mm nice sleep haha.

Okay, I've started the scan, I didn't reply straight away as I didn't think it would take so long, but so far it's taken 2 hours and 50 minutes to do 65%.

It's found 11 viruses, 20 infected objects and 4 suspicious files... so far.

But a lot of the time most PCs get viruses and they don't do "too" much harm (touch wood).
I'll follow with the report once it's done, which might be in an hour and a bit.
  #22  
Old 17th Jan 2008, 01:42 PM
evilfantasy

Yes, it is a thorough scan. Don't worry about its findings. They could all be found in quarantine and backup folders from some of the removal we have already done, so they can do no harm.
  #23  
Old 17th Jan 2008, 01:46 PM
Vlindsio

Ah, I get yah.

88% done so far at 3 hours and 35 minutes haha.
  #24  
Old 17th Jan 2008, 05:23 PM
Vlindsio

I may have to run it overnight as my PC restarted for some reason.
It was about 6 hours through....

But I shall post the log tomorrow, if it is finished by then hah.

Thanks for your help again by the way.
  #25  
Old 17th Jan 2008, 05:30 PM
evilfantasy's Avatar
Moderator Group

Ouch, that doesn't sound right.

Hopefully it goes OK this time.

Run this as it should help to speed up the scan.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.
  #26  
Old 17th Jan 2008, 06:45 PM
Vlindsio's Avatar
Member Group
 

I'll do that right after I reply to this. I think the scanner was struggling on heavy duty zip files and stuff like patches for games.

My second HDD should be able to be removed from being scanned as it's a very new HDD and I barely use it. Trouble is, it's the largest HDD on the PC, but it's the most organised and I could probably identify every file on it lol.
My most used HDD must be scanned due to it being my main one, so is there any way of cancelling out my 2nd HDD from being scanned? As that was what was taking the extra 4 hours.. lol.
  #27  
Old 17th Jan 2008, 06:48 PM
evilfantasy's Avatar
Moderator Group

Sure, you can scan it at a later time just for a checkup.
  #28  
Old 17th Jan 2008, 07:07 PM
Vlindsio's Avatar
Member Group
 

Okay, I've started another online virus scanner on everything but my 2nd hard drive.

Should only take less than 2 hours this time haha, I hope =\.

While we wait, tea anyone? haha.
  #29  
Old 17th Jan 2008, 07:14 PM