nasty virus or trojan?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Peregrine, Nov 26, 2006.

  1. Peregrine

    Peregrine Private E-2

    Hi,
    First of all, I did follow the READ & RUN ME FIRST thread, so hopefully I've gathered all the information you need.

    History
    This is a brand new HP PC picked up a week ago by a friend of mine from the store. I installed some extra software for her, but nothing that would create the following problems. Everything worked perfectly when I gave it to her last weekend. Yesterday, she brought it in with a "sound problem". I started checking the sound, and it seemed ok at first, but then all hell broke loose...

    Problems
    Everything seems to be working fine for about a minute after the user logs in. After that the firewall service is totally disabled. The Wireless Network Connection panel reports that another program is controlling functions to choose a wireless network, and that the WZC service needs to be started. It's set to automatic, but it doesn't start automatically. When I start the service, the panel then allows me to choose a network, but after connecting, it can't automatically set an IP that NAT is assigning it from my router, so the connection is limited. Manual IP renew doesn't work. I tried the NETSH WINSOCK RESET command several times, and it worked fine... for a minute after the system was rebooted and I logged in. Device manager shows no problems, although the "Scan for new devices" option is gone. But Skype reports there are no sound devices installed. The sound on the PC sometimes works and sometimes doesn't. I would reinstall the driver, but this is pointless, since EVERYTHING from the above works fine initially, and then all the problems kick in at once. I'm sure there are other symptoms, but this is enough for me to treat this as a virus/trojan issue. I've run a procedure to even reset the configuration of WMI, all to no avail.

    Antivirus/antispyware progress
    Before I even found this forum, I've run Spybot S&D, Lavasoft Ad-aware, and McAfee antivirus scans several times, all reports running smoothly and indicating no major problems (minor cookies, etc).
    Then I did everything from the READ & RUN ME FIRST thread, and all the antivirus/spyware/malware tools reported nothing major, if anything at all.
    I've collected all the logs, in which I can't find anything, but then again, I don't have much experience searching for trojans in logs.
    :rolleyes:
    I would really appreciate your help on this.
    Files are attached.
    Thanks
     

    Attached Files:

  2. Peregrine

    Peregrine Private E-2

    remaining files are attached
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Sorry but you are in the wrong forum. Your problems are not due to malware but are rather due to something you installed, tweaked, configured etc since taking the PC out of the box. Possibly due to installing things like the below CRACK which was found by Panda.

    Possible Virus. Not disinfected C:\Program Files\Common Files\Microsoft Shared\OFFICE11\Anti-MSOPA.exe[Anti-MSOPA.exe]

    My recommendation would be to use GoBack (which seems to be installed or System Restore) and set the PC back to how it was shipped. Then be more careful what you install and configure.
     
  4. Peregrine

    Peregrine Private E-2

    Since I'm using GoBack, System Restore is turned off. And GoBack doesn't hold history for longer than a few days. If it is one of the cracks I installed, then apparently it must be a virus/trojan that is residing on the PC.
    There is no way to back out, so can you tell me anything more that may be causing the problems?
    Thank you.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How many cracks did you install?? No it is not a visible problem of any form with malware. It is due to whatever you have done on the PC. If you do not have System Restore and GoBack does not go back far enough, then just use the system recovery disks that came with the PC and set it back to the way it was delivered. Since it is only a week old there can't be much user data needing backup or anything else too important. This time don't do whatever you were doing.

    Another option would be to just try uninstalling everything you installed and see what happens. Perhaps you will get lucky!
     
  6. Peregrine

    Peregrine Private E-2

    well, I was able to find one active virus, through Spybot's report of working processes: System32.exe. I removed that, but it didn't help anything. Then I stumbled upon this info: http://windowsxp.mvps.org/sharedaccess.htm and I used "sharedaccess.reg" to rebuild the registry, then reset the winsock. After that everything started working like a charm. Everything worked perfectly for 2 days - 1 day while I was doing minor improvements and cleanups, another day when she picked it up and took it home. But today she just called me again and told me the same thing happened...
    Now I'm totally baffled...
    I can now of course easily revert using GoBack, but why is this happening, seems like only where she's using the computer?... But she's also behind a secured NATed router, so I doubt anyone's actively exploiting that computer...
    Not when it's behind the router...

    The only thing I can think of is another anomaly I wasn't able to fix nor figure out, and maybe that is the key to the cause of these problems as a vulnerability:
    Ever since the last MS updates I did on that computer 2 weeks ago, there was one last piece called MXML SP2 security patch (or something similar - I don't remember right now and don't have that computer here yet). Every time this patch would be reported as installed (either through MS Update's engine, or through the automatic updates running process), and even though it's reported as installed, and it is residing as installed in the list of programs, the automatic updates process keeps repeating the process, as if it sensed that this particular patch was not installed. The MS Updates engine (their website) does the same thing, whenever I go to check for updates, it always shows and installs this one. I even downloaded that file manually from the MS support site and reinstalled it (although without removing it) myself, so I know it's installed. But somehow the MS verification routine does not see it as installed...
    Would this constitute any type of vulnerability through which all these problems may be caused?
     
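The symptoms in the first post (firewall service stopped, WZC not auto-starting, DHCP renew failing, all about a minute after logon) and the fix in post 6 (rebuild the SharedAccess registry key, then reset Winsock) both point at a small set of services and the Winsock catalog. The batch script below is an added diagnostic, not something posted in this thread: run it right after logon and again once the problems appear, and compare the two snapshots to see exactly which service or catalog entry changed. It assumes a Windows XP box with the standard service names SharedAccess (Windows Firewall/ICS), WZCSVC (Wireless Zero Configuration) and Dhcp (DHCP Client), and that the `sc` and `netsh` tools are on the path; the log file location is an arbitrary choice.

```batch
@echo off
rem Added example for this thread: snapshot the state of the services the
rem poster saw failing, plus the Winsock catalog, so two runs can be diffed.
rem Assumes XP default service names; LOGFILE is an arbitrary choice.
setlocal
set LOGFILE=%TEMP%\svcstate.log

echo === %DATE% %TIME% === >> "%LOGFILE%"

rem For each service: START_TYPE from "sc qc" (AUTO_START expected for all
rem three) and STATE from "sc query" (RUNNING expected once the box is up).
for %%S in (SharedAccess WZCSVC Dhcp) do (
    echo --- service %%S --- >> "%LOGFILE%"
    sc qc %%S | findstr /i "START_TYPE" >> "%LOGFILE%"
    sc query %%S | findstr /i "STATE" >> "%LOGFILE%"
)

rem The Winsock catalog is what "netsh winsock reset" rebuilds. Recording the
rem provider descriptions and DLL paths lets a later run show whether a new
rem Layered Service Provider has been inserted between the two snapshots.
echo --- winsock catalog --- >> "%LOGFILE%"
netsh winsock show catalog | findstr /i "Description Provider Path" >> "%LOGFILE%"

echo Snapshot appended to %LOGFILE%
type "%LOGFILE%"
endlocal
```

Because every run appends to the same file with a timestamp header, the first snapshot (taken immediately after logon, while everything still works) and the second (taken once the firewall panel reports the service is disabled) sit one above the other; a service whose STATE flips from RUNNING to STOPPED, or a provider path that appears only in the second catalog listing, is the thing to investigate next, rather than reinstalling drivers for symptoms that are downstream of it.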
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That must have been a new problem because it did not show in newfiles.txt. Either that or the file had a date that was more than a year old so it would hide from programs like ShowNew that look for new files. But then one of the antivirus applications should have easily found it especially if it tried to run.

    I doubt this is the problem.
     
  8. Peregrine

    Peregrine Private E-2

    I'm not sure. I ran all antivirus applications and collected the logs on Monday, and then didn't touch that laptop 'til Friday, so it was turned off. On Friday I found that system32.exe when I was looking through Spybot's running processes list. Once I removed it then, I've not seen it come up after that.

    So to give a little up-to-date status, after she brought it back to me again, I rebuilt the registry and reset winsock again, but this time I also cleared GoBack history (totally, by disabling it, and after fixing everything, I enabled it back). System Restore is not an issue, since it's turned off, because it's a redundant service when GoBack is installed. She took the PC back and it was working fine for a few days, then the problem came back. But about an hour ago she called and said that ever since yesterday, everything is working like a charm...
    Go figure...
    It sounds less and less like a virus or trojan. Maybe it was just a weird MS issue that they finally took care of by an update.
    I just hope the problem will not come back.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well sometimes it is end user problems and not malware! ;)

    Surf safely!
     
