PC Forum PC Help Forum » Operating Systems » Windows XP/2000 » [Resolved] Need Help

#1  05-05-2008  theotherone (Bronze Member; Join Date: May 2008; Posts: 27; PC Experience: PC Illiterate)
[Resolved] Need Help

I had a virus, have tried to get rid of it and only made the problem worse. I deleted my rpccs, thinking that it was infected, and now am having multiple problems. I have no audio, cannot drag and drop, the Start menu is not showing on the desktop, nor is anything else. I ran HijackThis and ComboFix; here are the logs. Any help with this would be greatly appreciated, and thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:14 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F6A17D5-E9C2-4CB8-899A-37C66E09E8FD} - C:\WINDOWS\system32\khfgfggd.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D77C0AEF-1D5E-47C1-89E5-38070A0BAEC8} - C:\WINDOWS\system32\tuvwwxvu.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMaba9d9d0] Rundll32.exe "C:\WINDOWS\system32\roujordd.dll",s
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-21-3731759254-511740011-739853798-1009\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-3731759254-511740011-739853798-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3731759254-511740011-739853798-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3731759254-511740011-739853798-1009\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User '?')
O4 - HKUS\S-1-5-21-3731759254-511740011-739853798-1009\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - S-1-5-21-3731759254-511740011-739853798-1009 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - S-1-5-21-3731759254-511740011-739853798-1009 Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102441299484
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.securedshopper.com/Simply...lick/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...18/mcgdmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9766 bytes

ComboFix 08-05-01.3 - Deborah 2008-05-04 17:16:04.2 - NTFSx86
Running from: C:\Documents and Settings\Deborah\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 14:50 . 2008-05-04 14:50 <DIR> d-------- C:\Documents and Settings\Deborah\Application Data\Comodo
2008-05-04 14:50 . 2008-05-04 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-04 14:50 . 2008-05-04 14:50 139,008 --a------ C:\WINDOWS\SYSTEM32\guard32.dll
2008-05-04 14:50 . 2008-05-04 14:50 87,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdguard.sys
2008-05-04 14:50 . 2008-05-04 14:50 23,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys
2008-05-04 14:48 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-05-04 14:48 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-05-04 14:48 . 2004-08-04 01:56 22,528 --a------ C:\WINDOWS\SYSTEM32\wsock32.dlb
2008-05-04 14:47 . 2008-05-04 14:50 <DIR> d-------- C:\Program Files\Comodo
2008-05-04 14:47 . 2008-05-04 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC426
2008-05-04 14:47 . 2008-05-04 16:37 10,074 --a------ C:\WINDOWS\BOC426.INI
2008-05-02 16:36 . 2008-05-02 16:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 13:08 . 2008-05-02 13:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-02 13:08 . 2008-05-02 13:08 <DIR> d-------- C:\Documents and Settings\Deborah\Application Data\BitTorrent
2008-04-30 20:17 . 2008-04-30 20:17 <DIR> d-------- C:\Documents and Settings\Deborah\Download
2008-04-30 20:17 . 2008-04-30 20:17 2,104 --a------ C:\Documents and Settings\Deborah\Application Data\update.log
2008-04-28 14:10 . 2008-05-04 15:07 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-04-24 22:03 . 2008-04-24 22:07 <DIR> d-------- C:\Documents and Settings\Deborah\Application Data\Move Networks
2008-04-22 13:52 . 2008-04-22 13:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-19 20:09 . 2008-04-19 20:09 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-19 19:02 . 2008-04-29 10:58 109,804 --a------ C:\WINDOWS\BMaba9d9d0.xml
2008-04-19 18:50 . 2008-04-24 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\xcsDd01
2008-04-19 18:50 . 2008-04-20 14:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\trcTMP
2008-04-19 18:50 . 2008-04-19 18:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\slNew
2008-04-19 18:50 . 2008-04-19 18:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\iTmp
2008-04-19 18:50 . 2008-04-19 18:51 <DIR> d-------- C:\Temp\berDrv11
2008-04-19 18:50 . 2008-05-02 17:09 <DIR> d-------- C:\Temp
2008-04-16 23:12 . 2008-04-16 23:12 <DIR> d-------- C:\Documents and Settings\Deborah\Application Data\CyberLink
2008-04-14 18:43 . 2008-04-14 15:43 74,240 --a------ C:\WINDOWS\b156.exe
2008-04-12 14:17 . 2008-04-12 14:17 1,046 --a------ C:\net_save.dna
2008-04-12 14:15 . 2008-04-12 14:15 <DIR> d-------- C:\Program Files\support.com
2008-04-12 10:14 . 2008-04-12 10:14 <DIR> d-------- C:\Program Files\Netflix
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-11 08:48 . 2008-04-11 05:48 11,264 --a------ C:\WINDOWS\b138.exe
2008-04-10 15:18 . 2008-04-10 15:18 <DIR> d-------- C:\Program Files\Xvid
2008-04-10 15:18 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2008-04-10 15:18 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2008-04-10 15:18 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\SYSTEM32\xvid.ax
2008-04-10 13:58 . 2008-04-27 13:34 <DIR> d-------- C:\Program Files\uTorrent
2008-04-10 13:58 . 2008-04-10 15:08 <DIR> d-------- C:\Documents and Settings\Deborah\Application Data\uTorrent
2008-04-10 11:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-04-08 19:26 . 2008-04-08 19:26 <DIR> d-------- C:\Program Files\iTunes
2008-04-08 19:26 . 2008-04-08 19:26 <DIR> d-------- C:\Program Files\iPod
2008-04-08 19:21 . 2008-04-08 19:21 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 17:33 . 2008-04-08 14:33 68,096 --a------ C:\WINDOWS\b155.exe
2008-04-08 09:49 . 2008-04-08 09:49 29,926 --a------ C:\WINDOWS\SYSTEM32\MyDocume.ico
2008-04-08 09:49 . 2008-04-08 09:49 29,926 --a------ C:\WINDOWS\SYSTEM32\MyComput.ico
2008-04-08 09:49 . 2008-04-08 09:49 29,422 --a------ C:\WINDOWS\SYSTEM32\MyNetPla.ico
2008-04-08 09:49 . 2008-04-08 09:49 25,214 --a------ C:\WINDOWS\SYSTEM32\RecBinFu.ico
2008-04-08 09:49 . 2008-04-08 09:49 25,214 --a------ C:\WINDOWS\SYSTEM32\RecBinEm.ico
2008-04-07 23:29 . 2005-06-10 16:25 15,576 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys
2008-04-07 23:27 . 2008-04-07 23:27 <DIR> d-------- C:\WINDOWS\Sheriff_LicenseDB
2008-04-07 23:27 . 2008-04-07 23:27 264 --a------ C:\WINDOWS\SYSTEM32\winsusrm.dll
2008-04-07 23:26 . 2008-04-07 23:27 <DIR> d-------- C:\Program Files\Intellimover
2008-04-06 17:41 . 2008-04-06 17:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\VirtualExpander
2008-04-05 16:41 . 2008-04-05 16:42 4 --a------ C:\WINDOWS\msoffice.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 22:33 --------- d-----w C:\Program Files\TrueAssistant
2008-04-20 01:10 --------- d-----w C:\Documents and Settings\Deborah\Application Data\Yahoo!
2008-04-20 01:09 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-05 22:52 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-05 22:50 --------- d-----w C:\Documents and Settings\Deborah\Application Data\AOL
2008-04-05 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-05 22:47 --------- d-----w C:\Program Files\Pure Networks
2008-03-27 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-27 19:25 --------- d-----w C:\Program Files\Dell Support Center
2008-03-27 19:25 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-03-27 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F6A17D5-E9C2-4CB8-899A-37C66E09E8FD}]
C:\WINDOWS\system32\khfgfggd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D77C0AEF-1D5E-47C1-89E5-38070A0BAEC8}]
C:\WINDOWS\system32\tuvwwxvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 08:23 202544]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-31 18:34 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-30 08:06 4800512]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-03-19 15:16 151597]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 15:21 270336]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-08-24 17:19 380928]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 12:03 53248]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 08:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BMaba9d9d0"="C:\WINDOWS\system32\roujordd.dll " [ ]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-05-04 14:50 1572608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1237:UDP"= 1237:UDP:Windows Media Format SDK (ybrowser.exe)
"1236:UDP"= 1236:UDP:Windows Media Format SDK (ybrowser.exe)
"1238:UDP"= 1238:UDP:Windows Media Format SDK (ybrowser.exe)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoRcd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5fbc0c-826a-11d8-aead-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 19:06:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-05-04 17:22:51
ComboFix-quarantined-files.txt 2008-05-04 23:22:47
ComboFix2.txt 2008-05-02 23:19:14

Pre-Run: 58,268,188,672 bytes free
Post-Run: 58,259,189,760 bytes free

160 --- E O F --- 2008-04-09 06:39:29


#2  05-05-2008  Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 2,525; PC Experience: Elite PC Guru)
Re: Need Help

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.


__________________
My real name is Eddy
#3  05-05-2008  theotherone (Bronze Member; Join Date: May 2008; Posts: 27; PC Experience: PC Illiterate)
Re: Need Help

I have downloaded the recovery console, but I cannot drag it on top of ComboFix. Is there any other way? Thanks for your help.


#4  05-05-2008  Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 2,525; PC Experience: Elite PC Guru)
Re: Need Help

Rather than hold things up we will go ahead without the Recovery Console but here is how you can do it after doing this cleanup...
Recovery Console

Have HijackThis fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {2F6A17D5-E9C2-4CB8-899A-37C66E09E8FD} - C:\WINDOWS\system32\khfgfggd.dll (file missing)
O2 - BHO: (no name) - {D77C0AEF-1D5E-47C1-89E5-38070A0BAEC8} - C:\WINDOWS\system32\tuvwwxvu.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BMaba9d9d0] Rundll32.exe "C:\WINDOWS\system32\roujordd.dll",s
Reboot.......................
==============================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\b156.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b155.exe
Folder::
C:\WINDOWS\SYSTEM32\xcsDd01
C:\WINDOWS\SYSTEM32\trcTMP
C:\WINDOWS\SYSTEM32\slNew
C:\WINDOWS\SYSTEM32\iTmp
C:\Temp\berDrv11
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F6A17D5-E9C2-4CB8-899A-37C66E09E8FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D77C0AEF-1D5E-47C1-89E5-38070A0BAEC8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMaba9d9d0"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


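As an added example (not code from this thread, HijackThis or ComboFix), the triage the analyst did by eye on the log in post #1 can be written down: the script below parses O2/O3/O4 lines, flags the two tells used here (a registered component whose file is gone, and a Rundll32 entry loading a random-looking DLL) and renders the flagged entries in the Registry:: layout of the CFScript above. The sample lines are copied from the posted log; the random-name test is a heuristic of my own, not a rule either tool implements.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: seven lines copied from the HijackThis log in post #1,
# mixing clean entries with the ones the analyst told the poster to fix.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {2F6A17D5-E9C2-4CB8-899A-37C66E09E8FD} - C:\\WINDOWS\\system32\\khfgfggd.dll (file missing)
O2 - BHO: (no name) - {D77C0AEF-1D5E-47C1-89E5-38070A0BAEC8} - C:\\WINDOWS\\system32\\tuvwwxvu.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [BMaba9d9d0] Rundll32.exe "C:\\WINDOWS\\system32\\roujordd.dll",s
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
# O2/O3 body: "<BHO|Toolbar>: <name> - {CLSID} - <path, or (no file)>"
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")
DLL_RE = re.compile(r'([^\\"]+\.dll)', re.IGNORECASE)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{3}")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Entry:
    section: str        # HijackThis section, e.g. "O2"
    name: str           # BHO/toolbar display name, or the Run value name
    target: str         # file path or command line the entry points at
    clsid: str = ""     # O2/O3 only
    hive: str = ""      # O4 only, e.g. "HKLM"
    reasons: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Pull the O2/O3/O4 entries out of a HijackThis log; every other line is ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("O2", "O3") and (c := COM_RE.match(body)):
            entries.append(Entry(section, c["name"], c["target"], clsid=c["clsid"]))
        elif section == "O4" and (r := RUN_RE.match(body)):
            entries.append(Entry(section, r["name"], r["target"], hive=r["hive"]))
    return entries


def looks_random(filename: str) -> bool:
    """My own heuristic, not a HijackThis rule: eight lowercase letters containing a
    run of three consonants (khfgfggd, tuvwwxvu, roujordd match; NvCpl, setupapi do not)."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and stem.islower() and bool(CONSONANT_RUN.search(stem))


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to every entry showing one of the two tells used in this thread."""
    for e in entries:
        if "(file missing)" in e.target or e.target == "(no file)":
            e.reasons.append("load point registered for a file that no longer exists")
        if e.section == "O4" and "rundll32" in e.target.lower():
            dll = DLL_RE.search(e.target)
            if dll and looks_random(dll.group(1).rsplit("\\", 1)[-1]):
                e.reasons.append("rundll32 loads a DLL with a random-looking name")
    return [e for e in entries if e.reasons]


def cfscript_registry(flagged: List[Entry]) -> str:
    """Render flagged O2/O4 entries as the Registry:: section of a ComboFix CFScript,
    in the layout the analyst posted (O3 toolbars are left to HijackThis's Fix checked)."""
    lines = ["Registry::"]
    run_values: dict = {}
    for e in flagged:
        if e.section == "O2":
            lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{{{e.clsid}}}]")
        elif e.section == "O4" and e.hive in HIVES:
            run_values.setdefault(HIVES[e.hive], []).append(e.name)
    for hive, names in run_values.items():
        lines.append(f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = triage(parse_hjt(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.section} [{e.name}] {e.target}\n    -> {'; '.join(e.reasons)}")
    print("\n" + cfscript_registry(flagged))
```

Running it on the sample flags exactly the four entries the analyst listed and reproduces the Registry:: block from the CFScript above; the NvCpl and Messenger entries pass.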
#5  05-05-2008  theotherone (Bronze Member; Join Date: May 2008; Posts: 27; PC Experience: PC Illiterate)
Re: Need Help

I did the HijackThis portion, and saved the quotebox as CFScript.txt, but I cannot drag it onto ComboFix. Nothing on my desktop can be dragged and dropped or moved anywhere. Should I post another round of logs? Thanks again.


#6  05-05-2008  Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 2,525; PC Experience: Elite PC Guru)
Re: Need Help

Ok. Give this a go...
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.


    Code:
    Files to delete:
    C:\WINDOWS\b156.exe
    C:\WINDOWS\b138.exe
    C:\WINDOWS\b155.exe
    Folders to delete:
    C:\WINDOWS\SYSTEM32\xcsDd01
    C:\WINDOWS\SYSTEM32\trcTMP
    C:\WINDOWS\SYSTEM32\slNew
    C:\WINDOWS\SYSTEM32\iTmp
    C:\Temp\berDrv11
  • In the avenger window, click the Paste Script from Clipboard, button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new HijackThis log in your next reply.



Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com