Various Problems

  1. #1
    robert39n, Full Member

    Hi guys, I've got a few problems. My computer suddenly hangs up now; on or offline, it doesn't matter. It also seems to have lost the audio codecs in Media Player, my volume control is gone and I have no sound. Here is my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:18 AM, on 2009-04-05
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MZ U.T\MzRamBooster.exe
    C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MZ U.T\MzRamBooster.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
    O4 - Startup: My On Target Forecast - Desktop.lnk = C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217634334982
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: iifEVmjG - iifEVmjG.dll (file missing)
    O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9708 bytes

    I also have anti-spyware and Charter Security and Malwarebytes, and I have only found a couple of worms; don't remember the names, lol, sorry. Please help.
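
As an added example (not part of the thread and not code from HijackThis or its authors), here is a small Python triage of HijackThis-format log lines of the kind posted above. It parses the section-coded lines (R0/R1, O2, O4, O20, O23, ...) and flags the shapes a helper reads first: entries marked "(no file)" or "(file missing)", O4 autostarts launched by a bare filename or placed under Policies\Explorer\Run, O20 Winlogon Notify DLLs, and O23 services with no vendor string. The sample lines are constructed to mirror entry shapes in the log, and the rules are only a reading aid, not a verdict: a legitimate entry such as the rundll32 Bluetooth autostart is flagged too, because it also runs by bare name, so a flag means "look here", nothing more.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 line format, modelled on entry shapes from the
# thread's log (not the poster's full log). Raw string so the backslashes survive.
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O20 - Winlogon Notify: iifEVmjG - iifEVmjG.dll (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "<code> - <body>", where code is R0..R3, F0..F3, N1..N4 or O1..O24
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Registry-style O4 body: "<key>: [<value name>] <command line>"
O4_REG_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# A command whose executable is given with a full drive path, e.g. C:\...
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str                                   # HJT section code, e.g. "O4"
    body: str                                   # text after "<code> - "
    reasons: list = field(default_factory=list)  # why a reviewer should look at it

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def executable_token(command: str) -> str:
    """Executable part of an autostart command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def triage_line(line: str):
    """Parse one log line; returns an Entry, or None for lines that are not HJT entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["code"], m["body"])
    body = entry.body
    # Generic check for every section: the entry points at a file that is not there.
    if any(marker in body for marker in MISSING_MARKERS):
        entry.reasons.append("orphaned: references a file that is not present")
    if entry.code == "O4":
        o4 = O4_REG_RE.match(body)
        if o4:
            if "Policies\\Explorer\\Run" in o4["key"]:
                entry.reasons.append("autostart under Policies\\Explorer\\Run, a location legitimate installers rarely use")
            if not DRIVE_PATH_RE.match(executable_token(o4["command"])):
                entry.reasons.append("launched by bare name, resolved through the search path instead of a full path")
    elif entry.code == "O20":
        entry.reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at logon, verify the file and its vendor")
    elif entry.code == "O23" and "Unknown owner" in body:
        entry.reasons.append("service with no vendor/owner string")
    return entry


def triage(log_text: str) -> list:
    """All parsed entries, in log order."""
    return [e for e in (triage_line(l) for l in log_text.splitlines()) if e is not None]


def flagged_entries(log_text: str) -> list:
    """Only the entries that collected at least one reason."""
    return [e for e in triage(log_text) if e.flagged]


def report(log_text: str) -> str:
    """Human-readable summary: each flagged line followed by its reasons."""
    lines = []
    for e in flagged_entries(log_text):
        lines.append(f"{e.code} - {e.body}")
        lines.extend(f"    -> {r}" for r in e.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it on a pasted log prints only the flagged lines with their reasons, so the rest of the log (the large F-Secure and Java blocks above, for instance) drops out of view; the clean O4 Java updater and O23 Java Quick Starter sample lines produce nothing.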


  2. #2
    broni, Senior Member
    Your sound problems are probably unrelated, but since there is some infection present, I'm gonna move this thread to the appropriate forum.

    Meanwhile...

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies can be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download gmer.zip: GMER - Rootkit Detector and Remover - Files
    Unzip the file, double-click gmer.exe, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4.
    Post fresh HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    robert39n, Full Member
    OK, I ran all the tools that you said. Anti-spyware found nothing but a couple of tracking cookies, and Malwarebytes found nothing, but a popup came up about hope ford draw and it said it couldn't remove it. I also ran GMER, but it keeps shutting down the computer and doesn't finish the scan; I tried a couple of times, same results. Here is a fresh HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:22 PM, on 2009-04-06
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MZ U.T\MzRamBooster.exe
    C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MZ U.T\MzRamBooster.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
    O4 - Startup: My On Target Forecast - Desktop.lnk = C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217634334982
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: iifEVmjG - iifEVmjG.dll (file missing)
    O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9812 bytes

    Please help, this thing is really getting me ticked off, lol. And as far as sound and audio go, Media Player keeps telling me there's a missing file and sound won't work at all. Thank you for your help.

  4. #4
    broni, Senior Member
    a popup came up about hope ford draw
    Say again, please?

    Download avz4.zip from here
    • Unzip it to your desktop to a folder named avz4
    • Double click on AVZ.exe to run it.
    • Run an update by clicking the Auto Update button on the Right of the Log window:
    • Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again.
    • After the update, from the "File" menu, choose "Standard Scripts"
    • Put a check next to item 2: Advanced System Investigation
    • Click Execute selected scripts
    • At the next prompt, click the OK button
    • Let the scan run and click "OK" when the completion prompt pops up
    • Now Close out of the Standard Scripts window, and exit AVZ
    • Navigate to the avz4 folder and locate the folder LOG
    • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
    • Attach the compressed file, virusinfo_syscheck.zip, to your next reply.

  5. #5
    robert39n, Full Member
    OK, I ran it and here's the log:
    AVZ Antiviral Toolkit log; AVZ version is 4.30
    Scanning started at 2009-04-07 11:39:52 AM
    Database loaded: signatures - 217648, NN profile(s) - 2, microprograms of healing - 56, signature database released 06.04.2009 20:09
    Heuristic microprograms loaded: 372
    SPV microprograms loaded: 9
    Digital signatures of system files loaded: 106028
    Heuristic analyzer mode: Maximum heuristics level
    Healing mode: disabled
    Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
    System Restore: Disabled
    1. Searching for Rootkits and programs intercepting API functions
    1.1 Searching for user-mode API hooks
    Analysis: kernel32.dll, export table found in section .text
    Analysis: ntdll.dll, export table found in section .text
    Analysis: user32.dll, export table found in section .text
    Analysis: advapi32.dll, export table found in section .text
    Analysis: ws2_32.dll, export table found in section .text
    Analysis: wininet.dll, export table found in section .text
    Analysis: rasapi32.dll, export table found in section .text
    Analysis: urlmon.dll, export table found in section .text
    Analysis: netapi32.dll, export table found in section .text
    1.2 Searching for kernel-mode API hooks
    Driver loaded successfully
    SDT found (RVA=083220)
    Kernel ntoskrnl.exe found in memory at address 804D7000
    SDT = 8055A220
    KiST = 804E26A8 (284)
    Function NtCreateProcess (2F) intercepted (805B136A->BA24DC26), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtCreateProcessEx (30) intercepted (8057FC6C->BA24DC40), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtCreateThread (35) intercepted (8058E64B->BA24CDE4), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtLoadDriver (61) intercepted (805A3B01->BA24D10C), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtMapViewOfSection (6C) intercepted (80573B61->BA24CB30), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtOpenSection (7D) intercepted (80570FD7->BA24D53E), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtRenameKey (C0) intercepted (8064E7B6->BA24E7DC), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtSetSystemInformation (F0) intercepted (805A7BED->BA24D38E), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtSuspendProcess (FD) intercepted (8062F8D9->BA24C9B6), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtSuspendThread (FE) intercepted (805E046E->BA24CE18), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtSystemDebugControl (FF) intercepted (80649CFB->BA24CF92), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtTerminateProcess (101) intercepted (805822EC->BA24C916), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtTerminateThread (102) intercepted (8057B88F->BA24CA6C), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function NtWriteVirtualMemory (115) intercepted (8057E42A->BA24CEDC), hook C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys
    Function IoCreateDevice (8059FA61) - machine code modification Method of JmpTo. jmp F7459FA8 fsdfw.sys
    Functions checked: 284, intercepted: 14, restored: 0
    1.3 Checking IDT and SYSENTER
    Analysis for CPU 1
    Checking IDT and SYSENTER - complete
    1.4 Searching for masking processes and drivers
    Checking not performed: extended monitoring driver (AVZPM) is not installed
    Driver loaded successfully
    1.5 Checking of IRP handlers
    \driver\tcpip[IRP_MJ_CREATE] = F745965A -> C:\WINDOWS\system32\Drivers\fsdfw.sys
    \driver\tcpip[IRP_MJ_DEVICE_CONTROL] = F745965A -> C:\WINDOWS\system32\Drivers\fsdfw.sys
    \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F745965A -> C:\WINDOWS\system32\Drivers\fsdfw.sys
    \driver\tcpip[IRP_MJ_CLEANUP] = F745965A -> C:\WINDOWS\system32\Drivers\fsdfw.sys
    Checking - complete
    2. Scanning memory
    Number of processes found: 42
    Analyzer: process under analysis is 1692 C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1704 C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1712 C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1836 C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1876 C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 176 C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 204 C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 252 C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 560 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1128 C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    [ES]:Contains network functionality
    [ES]:Listens on TCP ports !
    [ES]:Application has no visible windows
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 1268 C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 1588 C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 1604 C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 2348 C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 2736 C:\WINDOWS\system32\dla\tfswctrl.exe
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2924 C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    Analyzer: process under analysis is 2960 C:\Program Files\MZ U.T\MzRamBooster.exe
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Registered in autoruns !!
    [ES]:Loads RASAPI DLL - may use dialing ?
    Analyzer: process under analysis is 3020 C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
    [ES]:Contains network functionality
    [ES]:Registered in autoruns !!
    [ES]:Loads RASAPI DLL - may use dialing ?
    Number of modules loaded: 397
    Scanning memory - complete
    3. Scanning disks
    4. Checking Winsock Layered Service Provider (SPI/LSP)
    LSP settings checked. No errors detected
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll --> Suspicion for Keylogger or Trojan DLL
    C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll>>> Behavioural analysis
    1. Reacts to events: keyboard, mouse
    C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll>>> Neural net: file with probability 99.87% like a typical keyboard/mouse events interceptor
    Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
    6. Searching for opened TCP/UDP ports used by malicious programs
    Checking disabled by user
    7. Heuristic system check
    Checking - complete
    8. Searching for vulnerabilities
    >> Services: potentially dangerous service allowed: RemoteRegistry ()
    >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
    >> Services: potentially dangerous service allowed: TlntSvr ()
    >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
    >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: disk drives' autorun is enabled
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
    >> HDD autorun are allowed
    >> Autorun from network drives are allowed
    >> Removable media autorun are allowed
    Checking - complete
    Files scanned: 439, extracted from archives: 0, malicious software found 0, suspicions - 0
    Scanning finished at 2009-04-07 11:41:10 AM
    Time of scanning: 00:01:21
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address VirusInfo conference
    System Analysis in progress
    System Analysis - complete

    Also, after running GMER the computer kept restarting. Now it's an ongoing thing: I can be in the middle of playing a game or something and the computer will restart on its own.

  6. #6
    robert39n is offline Full Member
    Sorry, I didn't catch your quote there. There was a popup when GMER was running about hope ford draw, but it said it couldn't remove it. I wish I would have written down exactly what it said, but it didn't dawn on me. Duh. I also have virus security through Charter, my internet provider, and it also found hope ford draw. I had problems with hope ford in the past, but anyway Charter renamed it; now I don't know what it renamed it to so I can get it out. Also, while AVZ4 was running, Charter indicated that it dropped a trojan dropper from one of its temp files.

  7. #7
    broni is online now Senior Member
    You didn't follow my AVZ instructions...

    Navigate to the avz4 folder and locate the folder LOG
    Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
    Attach the compressed file, virusinfo_syscheck.zip, to your next reply.

  8. #8
    robert39n is offline Full Member
    Quote Originally Posted by robert39n
    Sorry, I didn't catch your quote there. There was a popup when GMER was running about hope ford draw, but it said it couldn't remove it. I wish I would have written down exactly what it said, but it didn't dawn on me. Duh. I also have virus security through Charter, my internet provider, and it also found hope ford draw. I had problems with hope ford in the past, but anyway Charter renamed it; now I don't know what it renamed it to so I can get it out. Also, while AVZ4 was running, Charter indicated that it dropped a trojan dropper from one of its temp files.
    Hey, I'm back. I did another scan with spyware anti virus; while it was scanning, my Charter security popped up again. This is what it said: License Ford Hope Draw/dart cash.oxe. Trojan.Win32.obfuscated.Gen. Action Failed

  9. #9
    robert39n is offline Full Member
    Ok, I think I got it this time. Sorry about that.
    Last edited by robert39n; 15-04-2009 at 02:04 PM.

  10. #10
    broni is online now Senior Member
    Well, if we don't want to go in circles, you should simply follow my instructions, and NOT do anything else.
