TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Juggernaut on August 27, 2007, 06:18:41 PM
-
Started up my computer and for an unknown reason there is no sound at all: internet, programs, anything... and all the drivers and devices seem to be in order? Plus my computer could just use a look over. Thanks, Guestolo!
Logfile of HijackThis v1.99.1
Scan saved at 7:18:13 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\program files\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Colin Thorner\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
-
Looks OK. Are you sure you have no problems in Device Manager?
1. Click the Start button, then click Control Panel.
The Pick a Category window appears.
2. Click Performance and Maintenance.
3. Click the icon named System.
The System Properties window appears.
4. Click the Hardware tab.
5. Click the Device Manager button.
The Device Manager window appears.
6. Click the plus (+) symbol next to the category "Sound, video and game controllers".
Does all seem in order?
What's listed?
-
I checked it already, but under that category I have Audio Codecs, Legacy Audio Drivers, Legacy Video Capture Devices, Media Control Devices, SoundMAX Integrated Digital Audio, and Video Codecs, all of which say they are working properly, yet I still have no sound from speakers or headphones.
-
On further review of my problem, I've found the error message "No active mixer devices available" when I tried to click on my Volume Control. I googled the problem and it seems that it's a pretty recurring thing, however I was not able to find a suitable solution... I know you know what you're doing, Guestolo! :)
-
Check Windows Audio in the service control manager.
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Windows Audio
Double click on it--- START the service, if not running
In the drop down menu, change the startup type to Automatic
if not set that way.
Apply and OK it, then exit out of there. Any help?
-
The Windows Audio service was already started and I repaired it, however that didn't do it... I still have no sound.
-
Windows Audio service was already started and I repaired it
What do you mean you repaired it?
Was it set to Automatic?
-
It was already set to Automatic... repair wasn't the correct term, I restarted the service but I still don't have sound after that.
-
I've been looking around the Net
Can you do the following for me
Open your Device manager
and expand (+) on System Devices
Do you see
"Plug and Play Software Device Enumerator"
In the list?
Can you also look for the presence of these files on your computer
C:\WINDOWS\system32\drivers\swenum.sys
C:\WINDOWS\system32\streamci.dll
Do they both exist, take a close look
-
I have the Plug and Play device and both those files exist in my system32 folder.
-
You mean
"Plug and Play Software Device Enumerator"
If you double click on it, is the device working properly?
System32 folder? You mean one should be in the drivers folder, right???
-
Yes, the "Plug And Play Software Device Enumerator" is working properly, and the files are in the System32 and drivers folders respectively, where you said they should be.
-
I don't see any problems, if you're sure that under SOUNDS in Device Manager all devices are working properly.
Did you do any recent updates that may be related?
Can you try a system restore point back to a time before you had problems
-
I can't restore my computer to an earlier time because it gives me the same message, "No changes have been made to your computer"... restore incomplete.
-
I can't restore my computer to an earlier time because it gives me the same message, "No changes have been made to your computer"... restore incomplete.
What do you mean by it gives you the same message???
Did that give you problems before?
What is the EXACT make and model of your laptop
EDIT>>Just noticed you have IBM's Rapid Restore Ultra
Can you use that to restore to a previous time?
-
My computer is an IBM ThinkPad T43 laptop, and what is this IBM Rapid Restore Ultra? I didn't realize I had such a program, so no, I've never used it.
-
I had the same sort of thing happen to my IBM ThinkPad T26 and I took it in and got it repaired; cost me like AUD$50.
-
Have you tried downloading the latest sound drivers from the IBM support page and reinstalling? I couldn't see it mentioned in the previous threads, so forgive my ageing eyesight if I missed it. Sometimes the simple things work if untried.
-
Yeah, I mean I could try it, see what happens... it's getting so frustrating at this point that I'm almost on the verge of reformatting my computer just to get the sound back. Sure hoping Guestolo can come up with an answer for me :/
-
Does it work differently if you have headphones plugged in or something?
-
Nah, I just completely don't have sound at all; that's how I know my laptop speakers aren't gone... because if they were the issue I'd have sound out of my external speakers or my headphones, but I just don't have anything at all, so I suppose it's a missing file or setting somewhere that got changed when any of my programs updated.
-
Have you tried downloading the latest sound drivers from the IBM support page
Zimzim gives some good advice, now that we have your exact model of computer.
Have you gone to IBM and done the following?
Uninstalled your sound drivers, then reinstalled?
Download your latest sound drivers
Uninstall yours from Add/Remove >> SoundMAX
Reboot, then install the ones from the IBM site
Sorry, I would direct link you but I'm having problems accessing the site right now :blink:
-
I can access the site again.
This should be the link to your driver:
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-58599
-
My sound problem is all set... but I have been wanting to ask you a question. I'd like to know if it's possible to overclock my graphics card in order to get more out of it, either that or more speed out of my hard drive; any help would be appreciated.
-
Most laptops run at 5400 RPM; I think the ThinkPad T43 runs at 7200 RPM
So that is good
Laptops aren't great gaming boxes, if that's what you're after, except for maybe Alienware
There are overclocking utilities for video cards, I would check with OC forums
Here's one, but I would be very careful, heat factor and all
http://www.techpowerup.com/atitool/
Use at your own risk!!
More info
http://atitool.techpowerup.com/wiki
Of course, if you can add more RAM to the computer that would be good
-
Only issue is that I have an integrated Intel graphics card; also I didn't think it was possible to add more RAM to a ThinkPad.
-
Only issue is that I have an integrated Intel graphics card
Well there you go, you know more about your system than I; I thought it came with either ATI or Nvidia graphics.
Also I didn't think it was possible to add more RAM to a ThinkPad
It really depends; when you ordered it, did you max it out?
How much RAM do you have now?
You can find your max here, you'll have to choose the series that applies:
http://www.memoryx.net/thinkpadt43.html
-
My computer has been acting up though... can you take a look please?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:39 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
--
End of file - 5593 bytes
-
Things were looking good earlier, but you picked up an infection.
Can you do the following:
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back the combofix log along with a fresh hijackthis log.
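Editor's added example (not part of this thread, and not code from HijackThis or ComboFix): the kind of triage a responder does by eye on the logs above, written down as a small Python 3.8+ script. It reads HijackThis O2/O4/O20/O23 lines and pulls out the ones that justify the "you picked up an infection" call: a Run entry that uses rundll32 to load a DLL dropped straight into system32 (the `hid_start` line), services whose binary is missing, and any browser helper object or Winlogon Notify DLL not on a list you have already vetted. It also reads ComboFix's "Reg Loading Points" output for the LSA package lists, because anything beyond the Windows XP defaults there is loaded into lsass.exe at boot (Authentication Packages) or handed every password change (Notification Packages). The vetted-name sets are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis and ComboFix output.

Added example for this thread; it is not part of HijackThis, ComboFix or
the forum's own advice.  The vetted-name sets below are assumptions made
for the example: on a real case you build them from what you know is
installed on that particular machine.
"""
import re
from typing import Dict, List, Tuple

# HKLM/HKCU Run names already accounted for on this ThinkPad (assumption).
VETTED_RUN_NAMES = {
    "AVG7_CC", "AVG7_Run", "PWRMGRTR", "SunJavaUpdateSched", "IntelliPoint",
    "itype", "Adobe Reader Speed Launcher", "IgfxTray", "HotKeysCmds",
    "Persistence", "PowerStrip", "Steam", "WMPNSCFG",
}
VETTED_BHO_CLSIDS = {"06849E9F-C8D7-4D59-B87D-784B7D6BE0B3"}   # Adobe PDF link helper
VETTED_NOTIFY_DLLS = {"igfxdev.dll", "qcongina.dll", "tphklock.dll", "wgalogon.dll"}
# Windows XP defaults for the two LSA package lists.
LSA_DEFAULTS = {"Authentication Packages": {"msv1_0"},
                "Notification Packages": {"scecli"}}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# rundll32 <dll>[,]<export> where the DLL sits directly in system32: vendor
# helpers normally run from their own Program Files folder, dropped DLLs do not.
RUNDLL_SYS32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\(?P<dll>[^\\",]+\.dll)"?\s*,?\s*(?P<export>\S*)',
    re.IGNORECASE)
LSA_RE = re.compile(r'"(?P<key>Authentication Packages|Notification Packages)"\s*=\s*(?P<value>.*)$')


def triage(hjt_text: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs for the entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if hit := RUNDLL_SYS32_RE.search(m["cmd"]):
                findings.append((f"rundll32 loads {hit['dll']} from system32 at logon "
                                 f"(export {hit['export'] or '?'})", line))
            elif m["name"] not in VETTED_RUN_NAMES:
                findings.append((f"unvetted Run entry {m['name']!r}", line))
        elif m := O2_RE.match(line):
            if m["clsid"].upper() not in VETTED_BHO_CLSIDS:
                findings.append((f"unvetted browser helper object {m['name']!r}", line))
        elif m := O20_RE.match(line):
            if m["path"].rsplit("\\", 1)[-1].lower() not in VETTED_NOTIFY_DLLS:
                findings.append(("unvetted Winlogon Notify DLL (runs inside winlogon.exe)", line))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append((f"service {m['svc']!r} points at a missing binary", line))
            elif m["owner"] == "Unknown owner":
                findings.append((f"service {m['svc']!r} carries no publisher information", line))
    return findings


def lsa_extra_packages(combofix_text: str) -> Dict[str, List[str]]:
    """Entries in the LSA package lists beyond the XP defaults.  Authentication
    packages are loaded into lsass.exe at boot; notification packages receive
    every password change, so each extra name must be identified."""
    extras: Dict[str, List[str]] = {}
    for line in combofix_text.splitlines():
        if m := LSA_RE.search(line):
            default = LSA_DEFAULTS[m["key"]]
            extras[m["key"]] = [p for p in m["value"].split() if p.lower() not in default]
    return extras


# Sample lines copied from the HijackThis logs and the ComboFix
# "Reg Loading Points" section posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo
"Notification Packages"= scecli pwdmon
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_HJT):
        print(f"[{reason}]\n    {line}")
    for key, names in lsa_extra_packages(SAMPLE_COMBOFIX).items():
        print(f"{key}: extra entries {names}")
```

On the sample it reports the `hid_start` rundll32 line and the missing PsaSrv binary, and lists `ssqpo` under Authentication Packages and `pwdmon` under Notification Packages. The ssqpo entry is the one to act on: ComboFix deleted `C:\WINDOWS\system32\ssqpo.dll`, but the registry value still names it, so the reference should be removed too rather than left for a re-dropped file to satisfy. An extra notification package is not proof of anything on its own (vendor password-sync tools register there legitimately), but it must be matched to a known installed product before it is left alone.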
-
ComboFix 07-08-30.3 - "Colin Thorner" 2007-09-06 22:10:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.124 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\byxxyay.dll
C:\WINDOWS\system32\nsz3A1.dll
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\ssqpo.dll
((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))
2007-09-06 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 20:57 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56 <DIR> d-------- C:\Program Files\PowerStrip
2007-09-03 20:52 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52 39,881 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:49 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:46 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-03 19:34 <DIR> d-------- C:\Program Files\Real
2007-09-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-03 19:33 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-03 19:30 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-03 19:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52 <DIR> d-------- C:\Program Files\EndItAll
2007-09-03 18:42 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37 <DIR> d-------- C:\Program Files\mIRC
2007-09-03 18:37 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31 <DIR> d-------- C:\Program Files\LimeWire
2007-09-03 18:30 <DIR> d-------- C:\Program Files\PokerStars
2007-09-03 17:43 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 17:42 <DIR> d-------- C:\Program Files\iPod
2007-09-03 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 17:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-03 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-09-03 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-03 17:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-03 17:10 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-03 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-03 17:03 <DIR> d-------- C:\Program Files\AIM6
2007-09-03 17:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-03 16:50 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37 <DIR> C:\RRUbackups
2007-09-03 16:24 <DIR> d--hs---- C:\Recycled
2007-09-03 16:23 4,442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23 16,384 --a------ C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18 77,824 --a------ C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18 577,536 --a------ C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18 282,624 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18 262,144 --a------ C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18 2,432 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18 12,288 --a------ C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16 32,256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16 13,184 --a------ C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16 <DIR> d-------- C:\IBMSHARE
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12 <DIR> d-------- C:\Program Files\InterVideo
2007-09-03 16:12 <DIR> d-------- C:\icons
2007-09-03 16:11 <DIR> d-------- C:\Program Files\IBM DLA
2007-09-03 16:11 <DIR> d-------- C:\Program Files\Common Files\Sonic
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ibm
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-03 16:10 <DIR> d-------- C:\WINDOWS\system32\thinkpad_features
2007-09-03 16:10 <DIR> d-------- C:\Program Files\Sonic
2007-09-03 16:10 <DIR> d-------- C:\Program Files\IBM RecordNow!
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-03 16:39 47 --a------ C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59 0 -rah----- C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-14 21:37 27992 --a------ C:\WINDOWS\system32\drivers\pstrip.sys
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 06:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-08-21 07:50 61440 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 17:23]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-08-21 07:50]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo
"Notification Packages"= scecli pwdmon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
Contents of the 'Scheduled Tasks' folder
2007-09-06 19:57:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-07 02:18:45 C:\WINDOWS\Tasks\PMTask.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 22:18:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 22:20:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 22:20
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:48 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
--
End of file - 6386 bytes
-
We have more to do, but before we carry forward, can I see one more log?
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
Access IBM
Adobe Reader 8.1.0
Adssite Browser Optimizer
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG 7.5
Combined Community Codec Pack 2007-07-22
Condition Zero
Condition Zero Deleted Scenes
Counter-Strike
Day of Defeat
End It All
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM SATA Power Management Driver
IBM Themes
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Power Manager
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD
iTunes
Java(tm) 6 Update 2
LimeWire PRO 4.12.11
mCore
mDriver
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
mMHouse
Mozilla Firefox (2.0.0.6)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
PC-Doctor for Windows
PokerStars
PowerStrip 3 (remove only)
QuickTime
RealPlayer
Rightonadz Browser Optimizer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
vitalsource KEY 3
Wallpapers
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
-
Can you do the following
Close down your browser
Then access your add/remove programs and remove
Adssite Browser Optimizer
Rightonadz Browser Optimizer
I also suggest that you uninstall
Viewpoint Media Player
Reboot your computer
Back in Windows, can you run Combofix again and post a fresh log
Also post a fresh hijackthis log
-
Sorry it's taken me so long, but I've had a lot of stuff to take care of in my life... here's the log though.
ComboFix 07-09-17.2 - "Colin Thorner" 2007-09-17 16:33:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.78 [GMT -4:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.
2007-09-16 01:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-12 06:46 62,464 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-09-11 01:07 <DIR> d-------- C:\Program Files\iPod
2007-09-08 08:52 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-09-08 08:51 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\AIM
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-06 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 20:57 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56 <DIR> d-------- C:\Program Files\PowerStrip
2007-09-03 20:52 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:49 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:46 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-03 19:34 <DIR> d-------- C:\Program Files\Real
2007-09-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-03 19:33 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-03 19:30 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-03 19:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52 <DIR> d-------- C:\Program Files\EndItAll
2007-09-03 18:42 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37 <DIR> d-------- C:\Program Files\mIRC
2007-09-03 18:37 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31 <DIR> d-------- C:\Program Files\LimeWire
2007-09-03 18:30 <DIR> d-------- C:\Program Files\PokerStars
2007-09-03 17:43 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 17:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-03 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-09-03 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-03 17:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-03 17:10 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-03 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-03 17:03 <DIR> d-------- C:\Program Files\AIM6
2007-09-03 17:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-03 16:50 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37 <DIR> C:\RRUbackups
2007-09-03 16:24 <DIR> d--hs---- C:\Recycled
2007-09-03 16:23 4,442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23 16,384 --a------ C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18 77,824 --a------ C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18 577,536 --a------ C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18 282,624 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18 262,144 --a------ C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18 2,432 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18 12,288 --a------ C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16 32,256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16 13,184 --a------ C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16 <DIR> d-------- C:\IBMSHARE
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12 <DIR> d-------- C:\Program Files\InterVideo
2007-09-03 16:12 <DIR> d-------- C:\icons
2007-09-03 16:11 <DIR> d-------- C:\Program Files\IBM DLA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 16:39 47 --a------ C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59 0 -rah----- C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-06_221959.00 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 27,136 2007-09-11 04:59:18 C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
----a-r 102,400 2007-09-11 05:07:39 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 131,072 2003-02-21 01:43:50 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 98,304 2006-04-14 02:18:24 C:\WINDOWS\system32\atonecli.dll
----a-w 196,608 2006-04-14 02:18:24 C:\WINDOWS\system32\atonres.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 106,496 2003-02-21 02:09:14 C:\WINDOWS\system32\mscories.dll
----a-w 131,072 2006-04-14 02:18:24 C:\WINDOWS\system32\WbxMSAI.dll
----a-w 49,152 2006-04-30 03:34:04 C:\WINDOWS\system32\WbxRMenu.dll
-c--a-w 30,336 2007-09-06 17:28:16 C:\WINDOWS\system32\DRVSTORE\usbaapl_A65621D65F5B7507DD7B22331826547BDD2D206B\usbaapl.sys
.
----a-w 86,528 2005-09-23 11:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 16,789,464 2007-08-03 04:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 74,240 2005-09-23 11:28:52 C:\WINDOWS\system32\mscories.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 06:46 62464 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:44]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 06:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo
"Notification Packages"= scecli pwdmon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 17:27:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-17 19:50:24 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 16:36:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-17 16:37:10
C:\ComboFix-quarantined-files.txt ... 2007-09-17 16:37
C:\ComboFix2.txt ... 2007-09-06 22:20
.
--- E O F ---
-
It's too much of a delay between responses
I need you to do the following
Delete your version of Combofix.exe and its folder
C:\Combofix
Do this again
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back the log from combofix along with a fresh hijackthis log
-
combofix log...
ComboFix 07-09-18.4 - "Colin Thorner" 2007-09-19 8:42:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.109 [GMT -4:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-16 01:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-12 06:46 62,464 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-09-11 01:07 <DIR> d-------- C:\Program Files\iPod
2007-09-08 08:52 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-09-08 08:51 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\AIM
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-06 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 20:57 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56 <DIR> d-------- C:\Program Files\PowerStrip
2007-09-03 20:52 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:49 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:46 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-03 19:34 <DIR> d-------- C:\Program Files\Real
2007-09-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-03 19:33 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-03 19:30 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-03 19:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52 <DIR> d-------- C:\Program Files\EndItAll
2007-09-03 18:42 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37 <DIR> d-------- C:\Program Files\mIRC
2007-09-03 18:37 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31 <DIR> d-------- C:\Program Files\LimeWire
2007-09-03 18:30 <DIR> d-------- C:\Program Files\PokerStars
2007-09-03 17:43 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 17:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-03 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-09-03 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-03 17:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-03 17:10 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-03 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-03 17:03 <DIR> d-------- C:\Program Files\AIM6
2007-09-03 17:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-03 16:50 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37 <DIR> C:\RRUbackups
2007-09-03 16:24 <DIR> d--hs---- C:\Recycled
2007-09-03 16:23 4,442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23 16,384 --a------ C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18 77,824 --a------ C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18 577,536 --a------ C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18 282,624 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18 262,144 --a------ C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18 2,432 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18 12,288 --a------ C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16 32,256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16 13,184 --a------ C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16 <DIR> d-------- C:\IBMSHARE
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12 <DIR> d-------- C:\Program Files\InterVideo
2007-09-03 16:12 <DIR> d-------- C:\icons
2007-09-03 16:11 <DIR> d-------- C:\Program Files\IBM DLA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 16:39 47 --a------ C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59 0 -rah----- C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 22:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-06_221959.00 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 27,136 2007-09-11 04:59:18 C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
----a-r 102,400 2007-09-11 05:07:39 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 131,072 2003-02-21 01:43:50 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 98,304 2006-04-14 02:18:24 C:\WINDOWS\system32\atonecli.dll
----a-w 196,608 2006-04-14 02:18:24 C:\WINDOWS\system32\atonres.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 106,496 2003-02-21 02:09:14 C:\WINDOWS\system32\mscories.dll
----a-w 131,072 2006-04-14 02:18:24 C:\WINDOWS\system32\WbxMSAI.dll
----a-w 49,152 2006-04-30 03:34:04 C:\WINDOWS\system32\WbxRMenu.dll
-c--a-w 30,336 2007-09-06 17:28:16 C:\WINDOWS\system32\DRVSTORE\usbaapl_A65621D65F5B7507DD7B22331826547BDD2D206B\usbaapl.sys
.
----a-w 86,528 2005-09-23 11:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 16,789,464 2007-08-03 04:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 74,240 2005-09-23 11:28:52 C:\WINDOWS\system32\mscories.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 06:46 62464 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:44]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 06:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 17:27:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-19 10:55:45 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 08:45:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 8:48:09
C:\ComboFix-quarantined-files.txt ... 2007-09-19 08:48
.
--- E O F ---
-
HijackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:49 AM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\moviegod14\day of defeat\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\ComboFix\NirCmd.cfexe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
--
End of file - 6763 bytes
-
Were you able to do the following, or did you skip it?
Access your Add/Remove Programs and remove:
Adssite Browser Optimizer
Rightonadz Browser Optimizer
I also suggest that you uninstall:
Viewpoint Media Player
-
already took care of that stuff, what's next?
-
Open Notepad and copy/paste the text in the quote box below into it:
Don't use anything other than Notepad, or the script will not work.
File::
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrot-uninst.exe
Folder::
C:\Program Files\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hid_start"=-
DirLook::
C:\RRUbackups
Save this as a text file, CFScript.txt
(http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
Take note of the pic above.
Drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt.
I will need to see this log again later
Also do the following please
Download and save to your desktop:
fsbl.exe (https://europe.f-secure.com/exclude/blacklight/fsbl.exe)
(F-Secure Blacklight)
Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by BlackLight; I need to see the log.
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Post back ALL of the following:
1. Post a fresh HijackThis log
2. Post the fresh log from ComboFix: C:\ComboFix.txt
3. Post the log from fsbl.exe
-
HJT Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:48 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
--
End of file - 6367 bytes
ComboFix log...
ComboFix 07-09-19.8 - "Colin Thorner" 2007-09-20 10:45:53.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.57 [GMT -4:00]
* Created a new restore point
FILE::
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrot-uninst.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\gzmrotate.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.
2007-09-19 20:55 <DIR> d-------- C:\Program Files\iPod
2007-09-16 01:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-08 08:52 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-09-08 08:51 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\AIM
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-06 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-06 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 20:57 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56 <DIR> d-------- C:\Program Files\PowerStrip
2007-09-03 20:32 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-03 19:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:49 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:46 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-03 19:34 <DIR> d-------- C:\Program Files\Real
2007-09-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-03 19:33 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-03 19:30 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-03 19:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-03 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52 <DIR> d-------- C:\Program Files\EndItAll
2007-09-03 18:42 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37 <DIR> d-------- C:\Program Files\mIRC
2007-09-03 18:37 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31 <DIR> d-------- C:\Program Files\LimeWire
2007-09-03 18:30 <DIR> d-------- C:\Program Files\PokerStars
2007-09-03 17:43 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 17:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-03 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-09-03 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-03 17:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-03 17:10 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-09-03 17:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-03 17:03 <DIR> d-------- C:\Program Files\AIM6
2007-09-03 17:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-03 16:50 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38 <DIR> d-------- C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37 <DIR> C:\RRUbackups
2007-09-03 16:24 <DIR> d--hs---- C:\Recycled
2007-09-03 16:23 4,442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23 16,384 --a------ C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18 77,824 --a------ C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18 577,536 --a------ C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18 282,624 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18 262,144 --a------ C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18 2,432 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18 12,288 --a------ C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16 32,256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16 13,184 --a------ C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16 <DIR> d-------- C:\IBMSHARE
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12 <DIR> d-------- C:\Program Files\InterVideo
2007-09-03 16:12 <DIR> d-------- C:\icons
2007-09-03 16:11 <DIR> d-------- C:\Program Files\IBM DLA
2007-09-03 16:11 <DIR> d-------- C:\Program Files\Common Files\Sonic
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ibm
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-03 16:10 <DIR> d-------- C:\WINDOWS\system32\thinkpad_features
2007-09-03 16:10 <DIR> d-------- C:\Program Files\Sonic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 16:39 47 --a------ C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59 0 -rah----- C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of C:\RRUbackups ----
C:\RRUbackups\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:44]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 17:27:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-20 14:50:45 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 10:50:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-20 10:52:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 10:51
C:\ComboFix2.txt ... 2007-09-19 08:48
.
--- E O F ---
-
FSBL Log...
09/20/07 10:53:54 [Info]: BlackLight Engine 1.0.64 initialized
09/20/07 10:53:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/20/07 10:53:54 [Note]: 7019 4
09/20/07 10:53:54 [Note]: 7005 0
09/20/07 10:53:57 [Note]: 7006 0
09/20/07 10:53:57 [Note]: 7011 364
09/20/07 10:53:58 [Note]: 7026 0
09/20/07 10:53:58 [Note]: 7026 0
09/20/07 10:54:00 [Note]: FSRAW library version 1.7.1022
09/20/07 10:58:29 [Note]: 7007 0
-
Looks good, how is everything?
-
Seems to be alright, I'll keep you posted if anything else pops up.
-
I'll keep this topic open for a few days; let me know how it's working after a couple of days.