This thing is getting popups, seems to run slow, and I see weird-named BHOs such as xxyvwUkK.dll that keep coming back after I disable them in the "Manage Add-ons" box.

I don't see anything weird in run or runonce

I've run SDD, my normal, but it doesn't seem to want to fix one, and says it will do so on restart, but restart hangs.

AdAware ran clean

I've also run SmitFraudFix, SmitRem, and RogueRemover, but to the best of my knowledge, none of them found anything to fix.

However, the popups and BHOs persist, so it's beyond me... so have D/L'd the latest HJT and ran a scan which is below

Help!

Thanks!

Dave Campbell
Microsoft SIlverlight MVP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:33, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ktfzkd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8236 bytes

This post has been edited by RatHat: Jan 12 2009, 02:51 AM

Hi there,

Welcome to WTT.

I have edited out your email address from your post. Don't want you getting spammed!

OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders (if possible);

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Under the Hidden files and folders heading SELECT Show hidden files and folders.
• UNCHECK the Hide protected operating system files (recommended) option.
• UNCHECK the Hide extensions for known file types option.
• Click Yes to confirm.
• Click OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Not much showing in your log, so lets have a better look. Firstly though, disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

• Double click on RSIT.exe to run the program.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note: A copy of these logs will be saved to your root drive, usually C:\rsit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:

• The contents of GMER.txt
• The contents of the two RSIT logs

Please make a separate post for each log.

Regards,
RatHat

Thanks RatHat

Here is GMER.txt:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-12 05:46:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code 864D01D0 ZwEnumerateKey
Code 86BF2B08 ZwFlushInstructionCache
Code AA1BE54C pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86BF2B0C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 864D01D4
? C:\WINDOWS\System32\drivers\avgldx866.sys The process cannot access the file because it is being used by another process.

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\avgldx866 \Device\avgldx866 A9FF358A
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat A8822D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\senekaikxradpr.sys (*** hidden *** ) AA1BC000-AA1D5000 (102400 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\senekaikxradpr.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@imagepath \systemroot\system32\drivers\senekaikxradpr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.dll \systemroot\system32\senekaifqqumdx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekaikxradpr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@imagepath \systemroot\system32\drivers\senekaikxradpr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.dll \systemroot\system32\senekaifqqumdx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekaikxradpr.sys

---- EOF - GMER 1.0.14 ----

Here is the first of the results from RSIT:

info.txt logfile of random's system information tool 1.05 2009-01-12 05:47:52

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Photo Editor-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Advanced Photo Editor\DeIsL1.isu" -c"C:\Program Files\Cosmi\Advanced Photo Editor\_ISREG32.DLL"
Any Video Converter Professional 2.6.7-->"C:\Program Files\Any Video Converter Professional\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Corel Snapfire muvee autoProducer add-on-->MsiExec.exe /X{72470D12-2CCA-4324-AFF9-F1396A2168EA}
Corel Snapfire Plus-->MsiExec.exe /X{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}
Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell AIO Printer 948-->C:\Program Files\Dell AIO Printer 948\Install\x86\Uninst.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center-->MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
eGames GameButler-->C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Fetch-->C:\Program Files\ValuSoft\Fetch\data\FetchUninstaller.exe
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.8.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_7dcb4097\Setup.exe /APR-REMOVE
MahJongg Master 6-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' RogueRemover PRO-->"C:\Program Files\RogueRemover PRO\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Moyea FLV Editor Pro Version: 3.1.14.0-->"C:\Program Files\Moyea\FLV Editor Pro\unins000.exe"
MRU-Blaster v1.5 (Database 3/28/2004)-->"C:\Program Files\MRU-Blaster\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64367D02-ADA8-4FA0-B348-27F25C60BC7B}\Setup.exe" -l0x9
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remove Betty Boop Screen Saver-->C:\WINDOWS\unstall.exe
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung USB Driver (MCCI 4.16)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spell Checker For OE 2.1-->C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: BETTYSPC
Event Code: 27
Message: Intel® 82562V-2 10/100 Network Connection
Link has been disconnected.

Record Number: 37332
Source Name: e1express
Time Written: 20080813231515.000000-420
Event Type: warning
User:

Computer Name: BETTYSPC
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 001AA09D420D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 37331
Source Name: Dhcp
Time Written: 20080813221528.000000-420
Event Type: error
User:

Computer Name: BETTYSPC
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{56FD7054-A8D7-40DB-86C0-A0C373951DC3} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 37330
Source Name: Tcpip
Time Written: 20080813221527.000000-420
Event Type: information
User:

Computer Name: BETTYSPC
Event Code: 33
Message: Intel® 82562V-2 10/100 Network Connection
Link has been established: 100Mbps full duplex.

Record Number: 37329
Source Name: e1express
Time Written: 20080813221526.000000-420
Event Type: information
User:

Computer Name: BETTYSPC
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{56FD7054-A8D7-40DB-86C0-A0C373951DC3} because a master browser was stopped.

Record Number: 37328
Source Name: BROWSER
Time Written: 20080813221512.000000-420
Event Type: information
User:

Application event log

Computer Name: BETTYSPC
Event Code: 4354
Message: The COM+ Event System failed to fire the StopScreenSaver method on subscription {A675A97B-717C-466F-8E96-65DC6112125A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 800706BB.
Record Number: 34571
Source Name: EventSystem
Time Written: 20081111175249.000000-420
Event Type: warning
User:

Computer Name: BETTYSPC
Event Code: 4354
Message: The COM+ Event System failed to fire the StartScreenSaver method on subscription {A675A97B-717C-466F-8E96-65DC6112125A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 800706BB.
Record Number: 34570
Source Name: EventSystem
Time Written: 20081111175249.000000-420
Event Type: warning
User:

Computer Name: BETTYSPC
Event Code: 4354
Message: The COM+ Event System failed to fire the StopScreenSaver method on subscription {A675A97B-717C-466F-8E96-65DC6112125A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 800706BB.
Record Number: 34569
Source Name: EventSystem
Time Written: 20081111175248.000000-420
Event Type: warning
User:

Computer Name: BETTYSPC
Event Code: 4354
Message: The COM+ Event System failed to fire the StartScreenSaver method on subscription {A675A97B-717C-466F-8E96-65DC6112125A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 800706BB.
Record Number: 34568
Source Name: EventSystem
Time Written: 20081111175248.000000-420
Event Type: warning
User:

Computer Name: BETTYSPC
Event Code: 4354
Message: The COM+ Event System failed to fire the StopScreenSaver method on subscription {A675A97B-717C-466F-8E96-65DC6112125A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 800706BB.
Record Number: 34567
Source Name: EventSystem
Time Written: 20081111175247.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

And here is the second log from RSIT:




Logfile of random's system information tool 1.05 (written by random/random)
Run by Betty Campbell at 2009-01-12 05:47:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 1013 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:47:49, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Betty Campbell.BETTYSPC\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Betty Campbell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BA808A7-E781-4538-A71A-89882F050E02} - C:\WINDOWS\system32\xxyvwUkK.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: {c58fe1fc-c259-f278-9cd4-10d50906aef3} - {3fea6090-5d01-4dc9-872f-952ccf1ef85c} - C:\WINDOWS\system32\ktfzkd.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ktfzkd.dll
O20 - Winlogon Notify: nnnoMCvW - nnnoMCvW.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9187 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\prwxevim.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BA808A7-E781-4538-A71A-89882F050E02}]
C:\WINDOWS\system32\xxyvwUkK.dll [2009-01-11 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fea6090-5d01-4dc9-872f-952ccf1ef85c}]
C:\WINDOWS\system32\ktfzkd.dll [2009-01-11 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 136600]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-06-13 69632]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"dscactivate"=c:\dell\dsca.exe [2007-07-30 16384]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-07-03 455304]
"MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-07-03 410248]
"Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-07-03 307848]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MRUBlaster"=C:\Program Files\MRU-Blaster\indexcleaner.exe [2003-01-05 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Betty Campbell.BETTYSPC\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll ktfzkd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoMCvW]
nnnoMCvW.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyvwUkK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dldfcoms.exe"="C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System"
"C:\Program Files\Dell AIO Printer 948\dldfmon.exe"="C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe:*:Enabled:Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Dell AIO Printer 948\dldfaiox.exe"="C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-12 05:47:45 ----D---- C:\rsit
2009-01-12 05:43:05 ----A---- C:\WINDOWS\gmer.ini
2009-01-12 05:43:03 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-12 05:43:03 ----A---- C:\WINDOWS\gmer.dll
2009-01-12 05:43:02 ----A---- C:\WINDOWS\gmer.exe
2009-01-11 15:48:11 ----D---- C:\Program Files\Trend Micro
2009-01-11 15:47:38 ----D---- C:\WINDOWS\ERDNT
2009-01-11 15:47:16 ----D---- C:\Program Files\ERUNT
2009-01-11 15:01:03 ----ASH---- C:\WINDOWS\system32\KkUwvyxx.ini2
2009-01-11 14:20:52 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-11 14:20:42 ----A---- C:\rapport.txt
2009-01-11 14:14:30 ----D---- C:\WINDOWS\temp
2009-01-11 14:11:06 ----A---- C:\smitfiles.txt
2009-01-11 14:09:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-11 13:57:27 ----D---- C:\Program Files\RogueRemover PRO
2009-01-11 12:49:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-11 09:18:03 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\cogad
2009-01-11 09:17:43 ----D---- C:\WINDOWS\system32\tp2
2009-01-11 09:17:43 ----D---- C:\WINDOWS\system32\enUZ
2009-01-11 09:17:41 ----D---- C:\Temp
2009-01-11 09:09:42 ----ASH---- C:\WINDOWS\system32\arhntcrg.ini
2009-01-11 09:09:35 ----A---- C:\WINDOWS\system32\ktfzkd.dll
2009-01-11 09:08:06 ----ASH---- C:\WINDOWS\system32\KkUwvyxx.ini
2009-01-11 09:07:58 ----A---- C:\WINDOWS\system32\xxyvwUkK.dll
2009-01-11 09:02:56 ----A---- C:\WINDOWS\system32\urqNDvus.dll
2009-01-10 20:06:04 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\Yahoo!
2009-01-10 20:06:02 ----D---- C:\Program Files\Yahoo!
2009-01-10 20:06:00 ----D---- C:\Program Files\CCleaner
2009-01-10 19:58:37 ----D---- C:\Program Files\MRU-Blaster
2008-12-29 12:52:18 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\Moyea
2008-12-29 12:52:11 ----D---- C:\Program Files\Moyea
2008-12-27 12:51:00 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\Any Video Converter Professional
2008-12-27 12:50:56 ----D---- C:\Program Files\Any Video Converter Professional
2008-12-26 22:13:55 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\FLV Extract
2008-12-16 04:20:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 04:20:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-16 04:20:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-16 04:20:09 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-01-12 05:43:05 ----D---- C:\WINDOWS
2009-01-12 05:43:03 ----D---- C:\WINDOWS\system32\drivers
2009-01-12 05:41:32 ----D---- C:\Dave
2009-01-12 05:39:18 ----D---- C:\WINDOWS\Prefetch
2009-01-12 05:33:15 ----A---- C:\WINDOWS\WSST_Screen_Saver.ini
2009-01-12 01:12:20 ----HD---- C:\$AVG8.VAULT$
2009-01-12 01:11:18 ----D---- C:\WINDOWS\system32
2009-01-11 15:48:11 ----RD---- C:\Program Files
2009-01-11 15:28:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 15:26:11 ----D---- C:\MDT
2009-01-11 15:00:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-11 14:59:34 ----A---- C:\WINDOWS\wininit.ini
2009-01-11 14:40:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-11 14:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 12:51:35 ----SHD---- C:\WINDOWS\Installer
2009-01-11 12:51:35 ----D---- C:\Config.Msi
2009-01-11 12:50:06 ----D---- C:\Program Files\Lavasoft
2009-01-11 12:49:16 ----D---- C:\Program Files\Common Files
2009-01-11 12:47:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-11 09:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-11 09:03:05 ----SD---- C:\WINDOWS\Tasks
2009-01-10 20:07:02 ----D---- C:\WINDOWS\Debug
2009-01-10 20:07:00 ----D---- C:\WINDOWS\Minidump
2008-12-27 12:55:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 10:56:01 ----D---- C:\Documents and Settings\Betty Campbell.BETTYSPC\Application Data\Corel
2008-12-19 03:01:01 ----HD---- C:\WINDOWS\inf
2008-12-19 03:00:57 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-19 03:00:54 ----D---- C:\WINDOWS\ie7updates
2008-12-19 03:00:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 04:19:48 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 avgldx866;avgldx866; C:\WINDOWS\System32\drivers\avgldx866.sys [2009-01-11 86144]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-26 254872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-13 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-13 4403712]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-12 85969]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 dldf_device;dldf_device; C:\WINDOWS\system32\dldfcoms.exe [2007-06-25 598664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 152984]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-25 98952]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Dave,

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to disable these programs, please refer to this page for details.

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Note: If you are unsure about anything, a very good Combofix tutorial can be found here.

Hi...

That one found the culprit I think.

It said it found a rootkit virus, had me write it down and rebooted then started over before producing the log.

What it originally found was:

c:\windows\system32\Drivers\senekaikxradpr.sys
c:\windows\system32\senekaifqqumdx.dll

and here is the log produced by the tool, and THANKS by the way!

ComboFix 09-01-11.03 - Betty Campbell 2009-01-12 6:25:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.655 [GMT -7:00]
Running from: c:\documents and settings\Betty Campbell.BETTYSPC\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BETTYC~1.BET\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\BETTYC~1.BET\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Betty Campbell.BETTYSPC\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\tn3
c:\windows\system32\arhntcrg.ini
c:\windows\system32\drivers\avgldx866.sys
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaikxradpr.sys
c:\windows\system32\KkUwvyxx.ini
c:\windows\system32\KkUwvyxx.ini2
c:\windows\system32\ktfzkd.dll
c:\windows\system32\senekaifqqumdx.dll
c:\windows\system32\tmp.reg
c:\windows\system32\x64
c:\windows\system32\xxyvwUkK.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_AVGLDX866
-------\Legacy_PACKET
-------\Service_avgldx866


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-12 05:47 . 2009-01-12 05:47 <DIR> d-------- C:\rsit
2009-01-12 05:43 . 2009-01-12 05:43 250 --a------ c:\windows\gmer.ini
2009-01-11 15:48 . 2009-01-11 15:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 15:47 . 2009-01-11 15:47 <DIR> d-------- c:\program files\ERUNT
2009-01-11 14:26 . 2009-01-11 14:26 2,014 -rah----- c:\windows\system32\drivers\hosts
2009-01-11 13:57 . 2009-01-11 13:57 <DIR> d-------- c:\program files\RogueRemover PRO
2009-01-11 12:49 . 2009-01-11 12:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 09:18 . 2009-01-12 00:07 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\cogad
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\windows\system32\tp2
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\windows\system32\enUZ
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\temp\tmp90
2009-01-11 09:17 . 2009-01-12 06:26 <DIR> d-------- C:\Temp
2009-01-11 09:02 . 2009-01-11 09:02 46,080 --a------ c:\windows\system32\urqNDvus.dll
2009-01-10 20:06 . 2009-01-11 12:57 <DIR> d-------- c:\program files\Yahoo!
2009-01-10 20:06 . 2009-01-10 20:06 <DIR> d-------- c:\program files\CCleaner
2009-01-10 20:06 . 2009-01-10 20:06 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Yahoo!
2009-01-10 19:58 . 2009-01-10 19:59 <DIR> d-------- c:\program files\MRU-Blaster
2008-12-29 12:52 . 2008-12-29 12:52 <DIR> d-------- c:\program files\Moyea
2008-12-29 12:52 . 2008-12-29 12:53 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Moyea
2008-12-27 12:51 . 2008-12-27 12:57 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Any Video Converter Professional
2008-12-27 12:50 . 2008-12-27 12:51 <DIR> d-------- c:\program files\Any Video Converter Professional
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\FLV Extract
2008-12-16 04:20 . 2008-12-16 04:19 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 12:58 14,848 --sha-w c:\program files\Thumbs.db
2009-01-11 21:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-11 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 19:50 --------- d-----w c:\program files\Lavasoft
2009-01-11 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-27 19:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 17:56 --------- d-----w c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Corel
2008-12-16 11:19 --------- d-----w c:\program files\Java
2008-12-10 10:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 02:21 --------- d-----w c:\program files\FLVHosting
2008-11-18 02:19 --------- d-----w c:\program files\FLV Encoder Ver 3.00
2008-06-24 05:11 1,353,296 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-02-01 22:06 1,834,463 ----a-w c:\program files\Dave & Betty.jpg
2008-02-01 22:03 1,710,593 ----a-w c:\program files\Bruce & Donna.jpg
2008-02-01 21:56 2,024,244 ----a-w c:\program files\Donna & Betty 2004.jpg
2008-01-11 04:06 2,293,848 ----a-w c:\program files\FLV PlayerFCSetup.exe
2006-03-20 22:34 4,796,416 ----a-w c:\program files\mplayerc.exe
2008-07-08 01:24 88 --sha-r c:\windows\system32\8BEB61B077.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-07-03 455304]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-07-03 410248]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-07-03 307848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MRUBlaster"="c:\program files\MRU-Blaster\indexcleaner.exe" [2003-01-05 32768]

c:\documents and settings\Betty Campbell.BETTYSPC\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-07-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-03-28 1216512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll ktfzkd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\xxyvwUkK

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-08 97928]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-08 76040]
R4 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
S4 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2007-12-01 98952]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-10 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 17:12]

2009-01-12 c:\windows\Tasks\prwxevim.job
- c:\windows\system32\rundll32.exe [2008-04-13 17:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3fea6090-5d01-4dc9-872f-952ccf1ef85c} - c:\windows\system32\ktfzkd.dll
BHO-{5AC35AF6-7269-4B58-9EA7-7B7379EBF587} - c:\windows\system32\xxyvwUkK.dll
Notify-nnnoMCvW - nnnoMCvW.dll


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 06:31:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\dldfcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2009-01-12 6:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 13:35:49

Pre-Run: 54,048,530,432 bytes free
Post-Run: 53,929,648,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

202 --- E O F --- 2008-12-19 10:01:02

Getting there Dave,

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:




3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

That didn't work quite as smoothly as I hoped.

I turned off AVG resident scanner as you mentioned in the previous message for running ComboFix. Unfortunately, AVG lied about it and didn't show it was off in the main status window, so ComboFix didn't think it was off.

ComboFix also took an update while in the process ( I figured what the heck, newer is better).

So I restarted the process by dragging, and ComboFix decided if I wanted to run with AVG on, it was up to me.

After that, it appeared to be running what you asked and here's the log:

ComboFix 09-01-11.04 - Betty Campbell 2009-01-12 7:29:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.537 [GMT -7:00]
Running from: c:\documents and settings\Betty Campbell.BETTYSPC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Betty Campbell.BETTYSPC\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\urqNDvus.dll
c:\windows\Tasks\prwxevim.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\prwxevim.job

.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-12 05:47 . 2009-01-12 05:47 <DIR> d-------- C:\rsit
2009-01-12 05:43 . 2009-01-12 05:43 250 --a------ c:\windows\gmer.ini
2009-01-11 15:48 . 2009-01-11 15:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 15:47 . 2009-01-11 15:47 <DIR> d-------- c:\program files\ERUNT
2009-01-11 14:26 . 2009-01-11 14:26 2,014 -rah----- c:\windows\system32\drivers\hosts
2009-01-11 13:57 . 2009-01-11 13:57 <DIR> d-------- c:\program files\RogueRemover PRO
2009-01-11 12:49 . 2009-01-11 12:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 09:18 . 2009-01-12 00:07 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\cogad
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\windows\system32\tp2
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\windows\system32\enUZ
2009-01-11 09:17 . 2009-01-11 09:17 <DIR> d-------- c:\temp\tmp90
2009-01-11 09:17 . 2009-01-12 06:26 <DIR> d-------- C:\Temp
2009-01-10 20:06 . 2009-01-11 12:57 <DIR> d-------- c:\program files\Yahoo!
2009-01-10 20:06 . 2009-01-10 20:06 <DIR> d-------- c:\program files\CCleaner
2009-01-10 20:06 . 2009-01-10 20:06 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Yahoo!
2009-01-10 19:58 . 2009-01-10 19:59 <DIR> d-------- c:\program files\MRU-Blaster
2008-12-29 12:52 . 2008-12-29 12:52 <DIR> d-------- c:\program files\Moyea
2008-12-29 12:52 . 2008-12-29 12:53 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Moyea
2008-12-27 12:51 . 2008-12-27 12:57 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Any Video Converter Professional
2008-12-27 12:50 . 2008-12-27 12:51 <DIR> d-------- c:\program files\Any Video Converter Professional
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\FLV Extract
2008-12-16 04:20 . 2008-12-16 04:19 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 12:58 14,848 --sha-w c:\program files\Thumbs.db
2009-01-11 21:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-11 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 19:50 --------- d-----w c:\program files\Lavasoft
2009-01-11 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-27 19:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 17:56 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-24 17:56 --------- d-----w c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\Corel
2008-12-16 11:19 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 10:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 02:21 --------- d-----w c:\program files\FLVHosting
2008-11-18 02:19 --------- d-----w c:\program files\FLV Encoder Ver 3.00
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-06-24 05:11 1,353,296 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-02-01 22:06 1,834,463 ----a-w c:\program files\Dave & Betty.jpg
2008-02-01 22:03 1,710,593 ----a-w c:\program files\Bruce & Donna.jpg
2008-02-01 21:56 2,024,244 ----a-w c:\program files\Donna & Betty 2004.jpg
2008-01-11 04:06 2,293,848 ----a-w c:\program files\FLV PlayerFCSetup.exe
2006-03-20 22:34 4,796,416 ----a-w c:\program files\mplayerc.exe
2008-07-08 01:24 88 --sha-r c:\windows\system32\8BEB61B077.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Betty Campbell.BETTYSPC\Application Data\cogad ----


---- Directory of C:\Temp ----

2009-01-11 09:17 1858 --a------ c:\temp\tmp90\v2RI.log

---- Directory of c:\temp\tmp90 ----

2009-01-11 09:17 1858 --a------ c:\temp\tmp90\v2RI.log

---- Directory of c:\windows\system32\enUZ ----


---- Directory of c:\windows\system32\tp2 ----

2009-01-04 19:19 144384 --a------ c:\windows\system32\tp2\EN2tC23.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-07-03 455304]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-07-03 410248]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-07-03 307848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Betty Campbell.BETTYSPC\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-07-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-03-28 1216512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll ktfzkd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-08 97928]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-08 76040]
R4 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
S4 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2007-12-01 98952]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-10 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 17:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 07:31:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-12 7:32:58
ComboFix-quarantined-files.txt 2009-01-12 14:32:56
ComboFix2.txt 2009-01-12 13:35:53

Pre-Run: 53,912,301,568 bytes free
Post-Run: 53,902,389,248 bytes free

187 --- E O F --- 2008-12-19 10:01:02

Looks like it did its job though

I would like you to upload a file to be scanned

• Please go to VirSCAN.org
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • c:\windows\system32\tp2\EN2tC23.exe
  
  
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Open Notepad and paste the contents into a new Notepad file using Ctrl and V at the same time.
• Save the notepad file to your desktop as VirScan.txt and copy the contents into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download RegQuery by Noviciate to your desktop

• Copy the following registry keypath by highlighting the text an pressing CTRL and C at the same time

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

• Double click RegQuery.exe to run the program
• Paste the text you have copied using CRTL and V, into the textbox
• Click the Query button
• A Notepad file will open. Please paste the contents in your next reply
• You may now close the RegQuery program

Well well well... you're still finding stuff!

Here's the VirScan report:

VirSCAN.org Scanned Report :
Scanned time : 2009/01/12 08:00:49 (MST)
Scanner results: 3% Scanner(1/38) found malware!
File Name : EN2tC23.exe
File Size : 144384 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : 093d4bdafb90feab765e2d0e57d6d359
SHA1 : efe77086308c933a26d20875edbf9e0f192c0b43
Online report : http://virscan.org/report/5a6155dcf8636602...7fa562a3c3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20090111183159 2009-01-11 2.57 -
AhnLab V3 2009.01.13.00 2009.01.13 2009-01-13 2.11 -
AntiVir 7.9.0.54 7.1.1.101 2009-01-12 1.76 -
Antiy 2.0.18 20090105.1950502 2009-01-05 0.02 -
Authentium 5.1.1 200901101808 2009-01-10 1.15 -
AVAST! 3.0.1 090111-1 2009-01-11 0.03 -
AVG 7.5.52.442 270.10.6/1888 2009-01-12 1.86 -
BitDefender 7.81008.2441579 7.23114 2009-01-12 2.32 -
CA (VET) 9.0.0.143 31.6.6304 2009-01-12 5.46 -
ClamAV 0.94.2 8854 2009-01-12 0.07 -
Comodo 3.0 919 2009-01-12 1.14 -
CP Secure 1.1.0.715 2009.01.11 2009-01-11 6.58 -
Dr.Web 4.44.0.9170 2009.01.12 2009-01-12 3.87 -
ewido 4.0.0.2 2008.12.31 2008-12-31 10.26 -
F-Prot 4.4.4.56 20090112 2009-01-12 1.17 -
F-Secure 5.51.6100 2009.01.12.07 2009-01-12 0.20 -
Fortinet 2.81-3.117 9.918 2009-01-11 0.76 Suspicious
GData 19.2395/19.181 20090112 2009-01-12 3.53 -
ViRobot 20090112 2009.01.12 2009-01-12 1.07 -
Ikarus T3.1.01.45 2009.01.12.72139 2009-01-12 4.39 -
JiangMin 11.0.706 2009.01.12 2009-01-12 1.79 -
Kaspersky 5.5.10 2009.01.12 2009-01-12 0.12 -
KingSoft 2008.9.8.18 2009.1.12.20 2009-01-12 0.61 -
McAfee 5.3.00 5492 2009-01-11 3.14 -
Microsoft 1.4205 2009.01.12 2009-01-12 13.04 -
mks_vir 2.01 2009.01.10 2009-01-10 2.77 -
Norman 5.93.01 5.93.00 2009-01-05 6.02 -
Panda 9.05.01 2009.01.11 2009-01-11 4.37 -
Trend Micro 8.700-1004 5.764.03 2009-01-11 0.05 -
Quick Heal 10.00 2008.11.17 2008-11-17 1.40 -
Rising 20.0 21.12.02.00 2009-01-12 2.85 -
Sophos 2.82.1 4.37 2009-01-12 2.28 -
Sunbelt 4756 4756 2009-01-08 0.73 -
Symantec 1.3.0.24 20090111.004 2009-01-11 0.66 -
nProtect 20090112.01 2878121 2009-01-12 10.64 -
The Hacker 6.3.1.2 v00218 2009-01-11 0.69 -
VBA32 3.12.8.10 20090110.1127 2009-01-10 1.55 -
VirusBuster 4.5.11.10 10.100.22/762469 2009-01-11 1.21 -



and here's the result of the registry query:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll ktfzkd.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Staying on the safe side Dave.

Please copy the entire contents of the codebox below into Notepad:

• Open Notepad
• Copy the contents of the codebox below using CTRL C

• Now return to Notepad and use CTRL V to paste the script
• Verify that you have pasted the complete script
• Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
• Locate FixReg.reg on your desktop
• Double click to run, and when prompted Allow the file to merge with your registry
• OK your way out.

After that, Reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply along with a fresh HijackThis log, and let me know how the machine is running now.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

I think you got it this time!

I'm going to post these and head to work... I'm going to be over an hour late the way it is, but wanted to at least get to where you asked for a fresh HJT log...

It rebooted like a dream this last time, MBAM found nothing, and I have that log and the HJT log attached.

Thanks a bunch... I'll check for messages after I get to work

-Dave

Malwarebytes' Anti-Malware 1.32
Database version: 1645
Windows 5.1.2600 Service Pack 3

1/12/2009 8:35:31 AM
mbam-log-2009-01-12 (08-35-31).txt

Scan type: Quick Scan
Objects scanned: 55327
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36:06, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8906 bytes

Looks like we are almost there Dave.

Lets have a bit of a cleanup.

Firstly lets uninstall GMER:

• Copy the entire contents of the Code Box below to Notepad.
• Name the file as gmer_uninstall.bat
• Change the Save as Type to All Files
• and Save it in the folder where GMER.exe was saved
• Once saved, double click on the gmer_uninstall.bat file. a MSDOS window will be displayed. That is normal.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please uninstall the following programs:

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5

• Go to Start then Settings, then Control Panel
• Choose Add or Remove Programs
• Remove all of the above as they allow old Java exploits into the machine

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now to keep on the safe side, lets have one more check.

Please run an online scan with Kaspersky WebScanner.
Note: You must use Internet Explorer to run this scan, and you must disable your Anti Virus program during the scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display the results if your system has been infected.
  
  • Now click on the View scan report link:
• Click the Save report as button
• Under Save as type, choose Text file (*.txt)
• Save the file to your desktop as Kaspersky.txt
• Copy and paste that information in your next post.

It's getting late over here, so I will be getting some shuteye soon. Post me the log and I will pick it up in the morning before I take my daughter to school. Hopefully all it will find will be what's in Combofix's quarantine, and anything in System Restore, which we can deal with quite easily.

Regards,
RatHat

I did all that, and Kapersky came back totally clean... a blank report.

Apparently AVG popped a couple boxes during the day today, but since I've had it off while doing this, I can't comment on that.

What do you think?

-Dave