Google redirect

I did not do the combofix uninstall, however I can reinstall if you wish.

You copy exactly what I have in the Codebox.

I did copy exactly what was in the codebox. Your codebox had 18 lines and my script has 18 lines(includes one blank line). If the codebox is not showing all that it should, can you please repost it in the body of the document? Thanks!

The entry is correct. It is from the DDS log. Registry entries have already been removed. What do you mean "blowing up?"

Are we still discussing the fact that you have not been able to run the script yet? Those entries need to be removed. I took you through the steps for the script to make sure you were handling the correct file extension. It was meant to help, not to irritate.

I still get the error when I drag the .txt file onto the .exe. Since this is not my laptop, I need to return it to its owner, however, I want to run this issue all the way to completion before giving it back. Your help has been great. Please let me know the next steps.

If you can't run the script to remove the files, you cannot run this to completion. I don't know how you could have downloaded Combofix and run the scan but now get error message related to installing which is not what you're trying to do!

I appreciate the fact that you are trying to help someone fix their system. But are you going to tell them you didn't know what to do so you posted on a free internet computer help board and asked a volunteer to fix it?

Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Well, that was a bit snarky! I'm going to tell them I got it about 80% to completion on my own and then found some help on the internet to get it to almost 95%. I have not had a problem with any of the other steps you gave me and I too find it difficult to believe that this is proving problematic. You never confirmed whether your script in the code box was 18 lines in length. Is that indeed correct?

What you copied to the post was what I had in the codebox. I can only work with what I see and I don't see any problem with running the script. Are you sure you saved what you copied into Notepad as CFScript.txt and that you saved to the same location as the program, which should have been the desktop?

I was 'snarky' and I apologize. I had just had another member come down on me because the friend whose computer he was 'fixing' hadn't gotten a reply in 12 hours. So I lost it and I am usually a bit more patient than that. Mea Culpa.

Here's a roundup of the file extensions for Combofix:
1. combofix.exe> setup for the program that was downloaded to the desktop.
2. CFScript.txt> the name given to the copy of the script from Notepad.
3. C:\ComboFix.txt> the name of the directory in the system where the log generated from the CFScript.txt resides.

Just check your spelling once more- one letter off will throw a wrench in the drag and drop.

No problem on the snarkiness. I do realize that you are a volunteer and do this out of the goodness of your heart and for that I am grateful!!

I did attempt to uninstall ComboFix but I got the same error as I did when I tried to drag the .txt file over. Perhaps the app got corrupt? I ran OTC cleanit and it ran successfully. I am attaching my .txt file to this post for your review. Please let me know if I need to try anything else.

Thanks for your help!

So you can't uninstall Combofix, you can't run Combofix and you can't run the script through Combofix- is that right? Did you try to do another scan? Give that a try and let's see what happens.

Latest scan

Here you go. Thanks for your help!!

ComboFix 11-02-23.02 - Linda 02/23/2011 15:16:24.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.802 [GMT -5:00]
Running from: c:\users\Linda\Desktop\ComboFix2.exe
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\PCDr\5744\Downloads\687b8984-5b8f-48ca-81b2-53c017b82891.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 20:23 . 2011-02-23 20:23 -------- d-----w- c:\users\Linda\AppData\Local\temp
2011-02-23 20:23 . 2011-02-23 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 05:27 . 2011-02-14 05:27 -------- d-----w- c:\program files\Common Files\Java
2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-11 15:27 . 2011-02-11 15:27 7168 ----a-w- c:\windows\system32\drivers\utm0mjuw.sys
2011-02-11 15:11 . 2011-02-12 15:23 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-11 04:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-11 04:00 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-11 04:00 . 2010-12-18 06:26 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-02-11 04:00 . 2010-12-18 06:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-10 06:10 . 2011-02-10 06:11 -------- d-----w- c:\program files\Dell Support Center
2011-02-10 05:59 . 2011-02-10 06:14 -------- d-----w- c:\programdata\PCDr
2011-02-10 05:59 . 2011-02-10 06:01 -------- d-----w- c:\users\Linda\AppData\Roaming\PCDr
2011-02-10 04:30 . 2011-02-10 06:09 -------- d-----w- c:\programdata\SupportSoft
2011-02-10 04:29 . 2011-02-10 06:09 -------- d-----w- c:\program files\Common Files\supportsoft
2011-02-09 21:27 . 2011-02-09 21:27 -------- d-----w- c:\windows\en
2011-02-09 21:26 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-02-09 21:22 . 2011-02-09 21:41 -------- d-----w- c:\program files\Microsoft
2011-02-09 21:21 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-09 21:21 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-09 21:21 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-09 21:14 . 2011-02-09 21:14 -------- d-----w- c:\users\Linda\AppData\Local\Windows Live
2011-02-09 21:14 . 2011-02-09 21:14 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-09 21:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-09 21:12 . 2011-02-10 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-09 20:17 . 2011-02-09 20:17 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-09 20:11 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 19:39 . 2011-02-09 19:39 -------- d-----w- c:\programdata\Roaming
2011-02-09 19:38 . 2011-02-09 19:38 56 ----a-w- c:\windows\system32\IHV_Install.bat
2011-02-09 19:38 . 2011-02-09 19:38 -------- d-----w- c:\program files\Cisco
2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\programdata\Intel
2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\users\Linda\AppData\Roaming\Intel
2011-02-09 06:09 . 2011-02-09 06:09 -------- d-----w- C:\$AVG
2011-02-09 05:33 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F3E2D36-D77E-4A02-A25F-8C92206C245C}\mpengine.dll
2011-02-09 05:16 . 2011-02-09 05:16 -------- d-----w- c:\users\Linda\AppData\Roaming\AVG10
2011-02-09 05:15 . 2011-02-09 05:15 -------- d--h--w- c:\programdata\Common Files
2011-02-09 04:46 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\users\Linda\AppData\Roaming\SUPERAntiSpyware.com
2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-09 03:48 . 2011-02-22 00:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-09 03:17 . 2011-02-09 03:17 -------- d-----w- c:\program files\CleanUp!
2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes
2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\programdata\Malwarebytes
2011-02-09 02:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 02:51 . 2011-02-12 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 02:51 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 22:42 . 2011-02-08 22:42 388096 ----a-r- c:\users\Linda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-08 22:42 . 2011-02-08 22:42 -------- d-----w- c:\program files\Trend Micro
2011-02-08 21:51 . 2011-02-09 04:55 -------- d-----w- c:\programdata\MFAData
2011-02-08 21:31 . 2011-02-08 21:31 -------- d-----w- c:\users\Linda\AppData\Local\WindowsUpdate
2011-01-31 15:57 . 2011-01-31 15:57 -------- d-----w- c:\program files\iPod
2011-01-31 15:57 . 2011-01-31 15:58 -------- d-----w- c:\program files\iTunes
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 22:36 . 2011-01-06 22:36 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 22:36 . 2011-01-06 22:36 34744 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 22:36 . 2011-01-06 22:36 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 22:36 . 2011-01-06 22:36 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-28 15:55 . 2011-01-12 22:42 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 22:42 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-08 18:12 . 2010-09-09 23:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2010-09-09 23:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2010-09-09 23:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2010-09-09 23:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-22 2423752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-22 12:06 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-01-27 16:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 16:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 04:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-05-10 07:00 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 utm0mjuw;AVZ Kernel Driver;c:\windows\system32\Drivers\utm0mjuw.sys [2011-02-11 7168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-06 17256]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-04-22 111616]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

2011-02-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

2011-02-23 c:\windows\Tasks\User_Feed_Synchronization-{E25AF0CE-209A-4671-829D-9113D775E90A}.job
- c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {92344F64-B6DC-4365-80A0-4EA5E5B7256F} = 156.154.70.22,156.154.71.22
TCP: {9F7F5F0B-B2F9-401B-A173-FB3487657F61} = 156.154.70.22,156.154.71.22
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4ib0vqk6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 15:23
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\guard32.dll
.
Completion time: 2011-02-23 15:26:30
ComboFix-quarantined-files.txt 2011-02-23 20:26

Pre-Run: 16,949,125,120 bytes free
Post-Run: 16,945,307,648 bytes free

- - End Of File - - 80AF03435BC9355502496BB87F16B78A

Awesome! I'm setting up new script, but there is a file I can't identify:

Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following: ( you only need one)
VirusTotal
Jotti

• 
  [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
  
  Code:

  c:\windows\system32\Drivers\utm0mjuw.sys
  

  [2]. At the upload site, click once inside the window next to Browse.
  [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  [4]. Click on the Upload button.
  This will perform a scan across multiple different virus scanning engines.
  Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  Important: Wait for all of the scanning engines to complete.
  [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  [6]. Paste the contents of the Clipboard in your next reply.

====================================
Also, will you be keeping Comodo security instead of AVG? IF so, you should run the AVG Remover. This eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
Note:

• AVG user settings will be removed.
• Virus Vault contents will be removed.
• All other items related to AVG installation and use will be removed.
• You will be asked during the removal procedure to restart your computer. Please do so.
• Make sure there is no open work in process prior toto launching AVG Remover.

Use the appropriate download for your system for the AVG Remover: AVG Remover:32bit
AVG Remover:64 bit
===================================
If any files are left after running the removal, I can include them in the script.

Here are the results. In addition, I will be using Comodo over AVG. I will uninstall AVG as directed in your post. Please let me know next steps. Thanks for your help!!!

VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(s) (30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32ialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32ialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virusorn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

Well, that's not good! Your friend has a Backdoor Trojan and Porn Dialer on the system.

Please update and rerun the Eset scan.
I can remove the one entry that was identified, but there has to be more to the malware.

Somehow I'm not surprised by your findings! I re-ran the scan and it found no threats. The log is below. Please advise on next steps. Thanks for your help!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Do you have the full Eset log? I haven't removed the porn dialer/backdoor so I am curious as to where it went!

That was the only thing in the log. I am aso attaching a screen print for your review. Let me know what you think.

Sorry, but I don't open files with .doc file extensions. If there is nothing in the scan, that's okay. I would like you to try this scan:

Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Click Accept and the web scanner will begin to load
• If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
• You will be prompted to install an ActiveX component from Kaspersky, click Install
• If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT and then Scan Settings
• In the scan settings make that the following are selected:
  [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
  [o] Scan Options: Scan Archives> Scan Mail Bases
• Click OK
• Now under select a target to scan:
  [o] Select My Computer
• The program will start to scan your system.
• Once the scan is complete, click on the Save as Text button and save the file to your desktop

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

I get the following error when trying to load the updares. Whaat license has expired? Any thoughts?

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

That is usually caused by an incorrect time or date setting:

Right click on the Time in the Notification Area> Adjust Date/Time> Make sure the Date is Correct and the Time in the box is correct> Time Zone tab> Make sure the Time Zone is correct for your part of the world> Check 'Adjust for Daylight Savings Time'> Internet Time tab> Check 'Automatically sync with the Internet Time Server'> click on 'Update now> Wait for setting to be checked then close.

Note: If you get an error when internet time is checked, let me know and I'll find the navy military server which works well.[/b]