Win Codec Pro Issues

Hello.
Some more malware came back. Please run Combofix again as normal, without CFScript.

ComboFix 09-06-09.06 - j 2009-06-09 21:43.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.241 [GMT -7:00]
Running from: c:\documents and settings\j\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 04:37 . 2009-06-10 04:37 -------- d-----w- c:\windows\LastGood
2009-06-06 05:45 . 2009-06-06 05:45 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-06 05:26 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-05 15:51 . 2009-06-05 15:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-05 15:49 . 2009-06-05 15:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-05 15:26 . 2009-06-05 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-05 15:26 . 2009-06-05 15:26 -------- d-----w- c:\program files\NOS
2009-06-05 15:25 . 2009-03-03 21:53 109420 ----a-w- c:\documents and settings\j\Application Data\Mozilla\Firefox\Profiles\pf3msk7d.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-06-05 15:25 . 2009-03-03 21:53 17464 ----a-w- c:\documents and settings\j\Application Data\Mozilla\Firefox\Profiles\pf3msk7d.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-06-05 15:25 . 2009-03-03 21:53 12792 ----a-w- c:\documents and settings\j\Application Data\Mozilla\Firefox\Profiles\pf3msk7d.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-06-05 00:21 . 2009-06-05 00:23 -------- d-----w- C:\5d7c28a002ff0ffa09a49f87125a
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\program files\JavaFX
2009-06-02 06:10 . 2009-06-02 06:10 -------- d-sh--w- c:\documents and settings\j\PrivacIE
2009-06-02 04:31 . 2009-06-02 04:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-sh--w- c:\documents and settings\j\IETldCache
2009-06-01 15:08 . 2009-06-01 15:10 -------- dc-h--w- c:\windows\ie8
2009-05-22 04:11 . 2009-05-22 04:46 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 01:08 . 2009-05-22 01:16 179 ----a-w- C:\handle.dat
2009-05-11 15:13 . 2009-06-03 16:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 04:57 . 2008-08-17 23:45 -------- d-----w- c:\program files\PeerGuardian2
2009-06-10 04:41 . 2006-02-18 03:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 05:20 . 2009-03-12 01:45 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-07 01:47 . 2007-12-01 00:40 67344 ----a-w- c:\documents and settings\j\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 05:46 . 2009-04-28 06:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 19:20 . 2006-02-18 02:27 -------- d-----w- c:\program files\Java
2009-06-04 19:14 . 2008-08-14 20:55 -------- d-----w- c:\program files\Sun
2009-05-26 20:20 . 2009-04-28 06:59 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 20:19 . 2009-04-28 06:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-07 06:17 . 2009-04-30 16:48 -------- d-----w- c:\program files\Lavasoft
2009-05-07 06:17 . 2009-04-30 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 03:19 . 2009-04-27 16:33 117760 ----a-w- c:\documents and settings\j\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-07 02:31 . 2009-05-04 08:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-07 02:15 . 2009-05-07 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-06 18:13 . 2009-05-06 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-03 06:42 . 2009-05-03 06:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-03 06:42 . 2009-05-03 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 16:36 . 2009-04-30 16:18 -------- d-----w- c:\program files\Adware Professional
2009-04-29 03:23 . 2006-02-18 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-28 19:07 . 2006-02-18 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-04-28 19:07 . 2006-06-05 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-04-28 06:59 . 2009-04-28 06:59 -------- d-----w- c:\documents and settings\j\Application Data\Malwarebytes
2009-04-28 06:59 . 2009-04-28 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 15:38 . 2008-12-19 09:33 -------- d-----w- c:\documents and settings\j\Application Data\HPAppData
2009-04-19 05:17 . 2008-08-17 23:37 -------- d-----w- c:\documents and settings\j\Application Data\uTorrent
2009-04-16 09:50 . 2009-04-16 09:50 152576 ----a-w- c:\documents and settings\j\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-12 19:40 . 2009-03-12 19:40 503808 ----a-w- c:\documents and settings\j\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-78de2f04-n\msvcp71.dll
2009-03-12 19:40 . 2009-03-12 19:40 499712 ----a-w- c:\documents and settings\j\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-78de2f04-n\jmc.dll
2009-03-12 19:40 . 2009-03-12 19:40 348160 ----a-w- c:\documents and settings\j\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-78de2f04-n\msvcr71.dll
2009-03-12 19:34 . 2009-03-12 19:34 152576 ----a-w- c:\documents and settings\j\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2007-05-28 05:54 . 2007-05-28 05:54 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-11-29 23:29 . 2006-11-30 00:29 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-07_02.19.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 04:30 . 2009-06-10 04:30 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
+ 2009-06-07 05:23 . 2009-06-07 05:23 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-06-10 04:37 . 2009-06-10 04:38 4708 c:\windows\SoftwareDistribution\EventCache\{65477903-F48A-4B98-9804-EBBC945FDBDC}.bin
+ 2009-06-07 05:21 . 2009-06-07 05:21 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-06-07 05:23 . 2009-06-07 05:23 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f48e3419fb2cb012fd160ae801600ae7\System.Messaging.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-06-07 05:06 . 2009-06-07 05:06 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-06-07 05:05 . 2009-06-07 05:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-06-07 05:21 . 2009-06-07 05:21 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-06-07 05:21 . 2009-06-07 05:21 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-06-07 05:21 . 2009-06-07 05:21 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-06-07 05:21 . 2009-06-07 05:21 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-06-07 05:06 . 2009-06-07 05:06 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-06-07 05:05 . 2009-06-07 05:05 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-06-07 05:22 . 2009-06-07 05:22 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-06-07 05:23 . 2009-06-07 05:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-06-07 05:06 . 2009-06-07 05:06 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF.tmp\System.ServiceModel.dll
+ 2009-06-07 05:21 . 2009-06-07 05:21 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-19 1421824]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"xxatiptaxx"="c:\program files\ATI Technologies\ATI Control Panel\xxatiptaxx.exe" [2009-04-27 41472]
"xxies\ATI Control Panel\xxatiptaxx"="c:\program files\ATI Technologies\ATI Control Panel\xxatiptaxx.exe" [2009-04-27 41472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 1 (0x1)
"NoDispBackgroundPage"= 1 (0x1)
"NoDispSettingsPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-08-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-13 17:07 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=20715B

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-06-05 33176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\j\Application Data\Mozilla\Firefox\Profiles\pf3msk7d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arunachala.org/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????`?n??|?@???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3532)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-10 22:06
ComboFix-quarantined-files.txt 2009-06-10 05:06
ComboFix2.txt 2009-06-07 02:27

Pre-Run: 10,060,529,664 bytes free
Post-Run: 10,050,301,952 bytes free

252 --- E O F --- 2009-06-06 05:52

ok...I did as you asked. I still have all the same problems, except the resolution has not changed recently. I also found when I open volume control and click on the bar under WAVE...I get a short burst of sound, and when I release mouse button another short burst.

Thank you for the ongoing help, I will await further instructions

update>>>still having resolution change after all

Moving to OS forums, Doc might have an idea or two.

Doc, any ideas?

Hello,

Try this: Open device manger, select Sound, video and game controllers >> right click >> uninstall the audio drive and install this:

http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=14&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false

I tried to uninstall audio drive, and install the one in your link. My system keeps reinstalling the conexant.

Hello,

In control panel, add/remove programs can you see if Conexant is there? If it is, try to remove it.

ok..i removed conexant from add/remove programs, and uninstalled in device manager. And installed the realtek one you suggested and it gave me this error message:

This device cannot start. (Code 10)

Click Troubleshoot to start the troubleshooter for this device.

Any ideas?

It says I have legacy audio driver...does this matter?


I also still have all the win codec pro issues stated in my first post.


Thanks for your help