[Marine61]

Dear KM, here's my latest combofix report.ComboFix 08-04-15.8 - Owner 2008-04-16 10:10:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.309 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 17:30 . 2008-04-15 17:30 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-07 20:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-07 20:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-07 10:23 . 2008-04-07 10:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 22:58 . 2008-04-05 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-31 19:42 . 2008-03-31 19:42 <DIR> d-------- C:\Program Files\Support Tools
2008-03-31 19:14 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-31 19:14 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-31 16:24 . 2008-03-31 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 21:17 . 2008-03-30 21:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-30 21:16 . 2008-03-30 21:27 <DIR> d-------- C:\SDFix
2008-03-30 19:59 . 2008-03-30 19:59 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\systemerrorfixer
2008-03-30 19:58 . 2005-09-20 10:31 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-30 19:57 . 2008-03-30 19:57 13,690 --a------ C:\WINDOWS\system32\wpa.bak
2008-03-30 19:52 . 2006-02-28 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-30 19:51 . 2006-02-28 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 19:50 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-03-30 19:49 . 2008-03-30 19:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 19:49 . 2008-03-30 19:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 19:49 . 2008-03-30 19:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 19:49 . 2008-03-30 19:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 19:49 . 2008-03-30 19:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-25 23:14 . 2008-03-25 23:14 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-23 23:31 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-23 23:20 . 2008-03-23 23:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-03-23 22:17 . 2008-03-23 22:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-03-23 22:16 . 2008-03-23 22:17 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-23 20:48 . 2008-03-23 21:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-23 20:48 . 2008-03-23 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 20:48 . 2008-03-23 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-23 20:48 . 2008-03-23 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 19:13 . 2008-03-23 19:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 19:13 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 13:16 . 2006-03-16 17:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-03-23 13:13 . 2008-03-23 13:15 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-23 12:08 . 2008-03-25 23:14 <DIR> d-------- C:\Program Files\Symantec
2008-03-23 12:08 . 2008-03-25 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-23 11:58 . 2008-03-25 23:38 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-23 11:39 . 2004-10-07 14:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 11:39 . 2004-10-07 14:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 11:39 . 2004-10-07 14:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-23 11:39 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-23 11:39 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-23 11:30 . 2008-03-23 11:30 <DIR> d-------- C:\Program Files\Google
2008-03-23 11:30 . 2008-03-25 22:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 23:11 . 2008-03-30 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zshgtgru
2008-03-22 22:16 . 2008-03-22 22:16 <DIR> d-------- C:\Program Files\Intel
2008-03-22 22:16 . 2007-12-20 02:43 248,448 --a------ C:\WINDOWS\system32\PROUnstl.exe
2008-03-22 22:16 . 2006-01-12 15:52 1,904 --a------ C:\WINDOWS\system32\SetupBD.din
2008-03-22 22:03 . 2008-03-22 22:03 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-22 22:00 . 2007-11-16 11:55 165,496 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-03-22 21:55 . 2008-03-22 21:55 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-03-21 21:30 . 2008-03-21 21:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:30 . 2008-03-21 21:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-21 21:29 . 2008-03-21 21:29 <DIR> d-------- C:\WINDOWS\Cache
2008-03-21 21:22 . 2005-02-22 16:53 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-03-21 21:22 . 2005-03-16 20:09 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-03-21 21:22 . 2004-10-22 14:42 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-03-21 21:02 . 2008-03-21 21:36 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 21:01 . 2008-03-21 21:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 03:51 --------- d-----w C:\Program Files\Driver-Soft
2008-03-22 03:08 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot_2008-04-07_10.42.41.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-16 16:25:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-04-01 02:42:25 2,926 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2006-02-28 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2006-02-28 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2006-02-28 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2006-02-28 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2006-02-28 12:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2006-02-28 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2006-02-28 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2006-02-28 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2006-02-28 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2006-02-28 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2006-02-28 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2006-02-28 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2006-02-28 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2006-02-28 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2006-02-28 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2006-02-28 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2006-02-28 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2006-02-28 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 03:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-02-28 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2006-02-28 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2006-02-28 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2006-02-28 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2006-02-28 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2006-02-28 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-23 11:30 171448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]
"AROReminder"="" []
"uubxfuzx"="C:\WINDOWS\system32\tajcvyjk.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemErrorFixer"="C:\Program Files\SystemErrorFixer\SysRep.exe" [ ]
"cwriter"="C:\Program Files\SystemErrorFixer\ucookw.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=


.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 10:11:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 10:12:52
ComboFix-quarantined-files.txt 2008-04-16 17:12:45
ComboFix2.txt 2008-04-07 17:43:03
ComboFix3.txt 2008-04-02 17:09:13

Pre-Run: 32,852,480,000 bytes free
Post-Run: 32,857,542,656 bytes free
.
2008-04-16 16:26:27 --- E O F ---

[Marine61]

KM, Here's my latest Hijackthis log.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:41 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\SystemErrorFixer\ucookw.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uubxfuzx] C:\WINDOWS\system32\tajcvyjk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207586575796
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 3989 bytes

[Marine61]

Hi KM, I've lost my audio since my machine became infected. Do you have any thoughts on this? Thanks, Tom

[km2357]

Quote:

Hi KM, I've lost my audio since my machine became infected. Do you have any thoughts on this?

Hi Tom.

It's possible that one of the infections you have/had could have caused you to lose audio. It could also be a coicendence as well. I've personally never heard of malware that can take out your audio, but it just might be I haven't come across it yet. We still have some more cleaning to do to your computer. Let's see if your audio comes back during the cleaning process. Have you tried reinstalling your sound drivers or seeing if you can download an update for them? When you try to access your computer's audio, does it give you any error messages?


I don't need to see cf_rc.txt, looking at your latest ComboFix log, it looks like you have sucessfully installed the Recovery Console.


Step # 1: Run CFScript

Please delete the version of ComboFix you have on your computer, I need you to download the latest version of ComboFix by sUBs here and save it to your Desktop.

• Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  
  Code:

  KillAll::
  
  File::
  
  C:\WINDOWS\system32\tajcvyjk.exe
  
  Folder::
  
  C:\Documents and Settings\All Users\Application Data\systemerrorfixer
  C:\Documents and Settings\All Users\Application Data\zshgtgru
  C:\Program Files\SystemErrorFixer
  C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
  
  Registry::
  
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "uubxfuzx"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SystemErrorFixer"=-
  "cwriter"=-

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
  
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. ComboFix Log (that appears after Step 1)
2. A fresh HiJackThis Log (taken after ComboFix has ran)

Use multiple posts if you can't fit everything into one post.

[Marine61]

Dear KM, Thanks to your suggestions my audio has been restored.

[km2357]

Quote:

Originally Posted by Marine61

Dear KM, Thanks to your suggestions my audio has been restored.

That's great. What brought the audio back? Was it reinstalling/updating the sound card drivers?

If you haven't already, please do Step #1 of my last post to you. We've still got some more cleaning to do on/with your computer.

[Marine61]

Dear KM, sorry that I left you hanging. I've been busy with work and the computer that we were repairing belongs to my son and he's always on it.Thank you once again for your patience and wealth of knowlege. Regards, Tom

[km2357]

Hello Tom.

Have you had a chance to do Step #1 of this post yet? If not, please do so and post the ComboFix Log that results from it and post a fresh HiJackThis Log as well.