Deucehearts

I just reformated the drive and reinstalled the OS with a OEM disk I had laying around. Thanks everybody for your time. This thread can be closed now.

Would it be best to just reformat the HD and reinstall the os? This is a new hard drive installed in it and the recovery disks were used(which I think the infection is on) to reinstall the OS.

Here is my HIJack log. Any help would be Great. Friends Laptop running XP Home with SP3. I ran AVG and Spybot with out any luck. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:07:23 PM, on 5/25/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WI

I found a fix that has been working for a couple hours now. Apparently the firmware for my TS-L462C 24x cdrw/dvd combo drive conflicts with my sound drivers when updated to DE07. I ended up installing firmware DE05 and the audio now works perfectly fine. I found the fix at the following link. I will paste the fix from his link as well in case the link goes down for any reason. Fix link. The solution that I finally found...is to roll back the DE07 firmware to DE05. Which at first, doesn't seem that easy because the DE05 flashes the firmware from a floppy boot-disk, and my B130 didn't come wit

I went to this website and ran the fix in step one and the sound worked fine. I then rebooted and had the same problem again. I found http://winhlp.com/node/10 UPDATE: I uninstalled the primary IDE channel and restarted the computer and the sound was great for about 10 secs. Then the sound distortion returned.

I did a fresh install and first install the modem driver and then the Sigma Tel driver and the sound worked great. I installed the video driver and it was still good. I then installed Ricoh memory card driver and the sound started cracking and popping again. I then did a system restore to a time before I installed any drivers and then reinstalled the modem and sigma tel drivers and the sound issue is still there.

I was installing driver by driver to figure out when the sound starts going bad and after I installed the Intel Mobile Chipset Driver the sound went bad. How do I uninstall this one? Where is it located in my device manager so I can roll it back?

Recently had filled up my hard drive on my Dell E1505 and purchased a new one. On my new hard drive I created 2 partitions. On one partition I loaded an Image of my previous install. On the other partition I did a fresh install of Windows XP Media Center 2005. I then reformated the old harddrive and did a fresh install of Media Center 2005. Now the issue. On all three partitions I used the drivers supplied on the Dell website for my Laptop and have all windows updates installed. On the imaged partition the sounds works perfectly. On the other partition and other hard drive the sound pops and c

Thanks for all your help everyone.

The computer is running a lot better now, thanks for all your help. Here is another hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 11:34:46 AM, on 12/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, December 13, 2007 5:26:18 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/12/2007 Kaspersky Anti-Virus database records: 481147 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer

Here is my new Hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 3:46:46 PM, on 12/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lav

ComboFix 07-12-12.3 - Dustin Ogilvie 2007-12-11 15:15:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT -6:00] Running from: C:\Documents and Settings\Dustin Ogilvie\Desktop\ComboFix.exe * Created a new restore point . The following files were disabled during the run: C:\WINDOWS\system32\guard32.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ryvibatg C:\Program Files\ryvibatg\pufoxgpu.dll C:\Program Files\SecCenter C:\Program Files\SecCenter\scprot4.exe C:\Program Files\Sec

SDFix: Version 1.118 Run by Dustin Ogilvie on Tue 12/11/2007 at 02:48 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/steal

A little icon showed up in my notification bar and is said there has been a trojan detected. It looked wrong so I closed it and ran hijackthis. Thanks for your help. Logfile of HijackThis v1.99.1 Scan saved at 12:52:25 AM, on 12/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wirele

Logfile of HijackThis v1.99.1 Scan saved at 11:17:12 AM, on 12/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\W

I did not install Empire poker and am unable to find it on the computer to uninstall as well. Here are my new logs. ComboFix 07-12-02.5 - Michelle 2007-12-02 11:08:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -6:00] Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\All Users\Application Data.\winantis

Here is my new hijack log. Thanks once again. Logfile of HijackThis v1.99.1 Scan saved at 2:46:04 AM, on 12/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 200

Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz Percentage of Memory in Use: 48% Physical Memory (total/avail): 1014.37 MiB / 526.38 MiB Pagefile Memory (total/avail): 2441.45 MiB / 205

Deckard's System Scanner v20071014.68 Run by Michelle on 2007-12-02 02:40:28 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 25: 2007-12-02 08:40:35 UTC - RP90 - Deckard's System Scanner Restore Point 24: 2007-11-30 18:38:05 UTC - RP89 - System Checkpoint 23: 2007-11-29 03:30:55 UTC - RP88 - System Checkpoint 22: 2007-11-24 22:51:51 UTC - RP87 - System Checkpoint

VundoFix V6.7.0 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 1:52:46 AM 12/2/2007 Listing files found while scanning.... C:\windows\system32\fgjlm.bak1 C:\WINDOWS\system32\fgjlm.bak2 C:\WINDOWS\system32\fgjlm.ini C:\windows\system32\fiyngnrv.ini C:\WINDOWS\system32\lujktfbu.exe C:\WINDOWS\system32\mljgf.dll C:\WINDOWS\system32\rqrrspn.dll C:\windows\system32\vrngnyif.dll Beginning removal... Attempting to delete C:\windows\system32\fgjlm.bak1 C:\windows\system32\fgjlm.bak1 Has been deleted! Attempting to delete C

I have run adaware and spybot s&d numerous times cleaning everything they find. When cleaning in Spybot S&D I keep getting the blue screen of death. I am also unable to run most online scans. The laptop I am working with is running Windows XP media edition with all the updates. Any help would be great, thanks for your time in advance. Logfile of HijackThis v1.99.1 Scan saved at 12:46:26 AM, on 12/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WIND

Sorry this took so long to post. Just to let you know I uninstalled AOL since the AOLServiceHost.exe was using 80% of the prossesor when aol was closed. Computer is much faster now. Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 7.0 AOL Uninstaller AOL You've Got Pictures Screensaver AVG Anti-Spyware 7.5 BigFix Canon PC1200/iC D600/iR1200G CC_ccProxyExt ccCommon ccPxyCore Conexant AC-Link Audio Google Toolbar for Internet Explorer HijackThis 1.99.1 HP Deskjet 3900 series HP Extended Capabilities 5.0 HP Image Zone Express HP Imaging Device Functions 5.0 HP Software Update HP Sol

Here is Panda's report. Incident Status Location Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F

Here is a new Hijackthis log I ran after a few more scans. Logfile of HijackThis v1.99.1 Scan saved at 12:16:01 PM, on 11/28/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Int