
New to this Forum: AVG (Free Ed.) not a valid win32 Application



Hglenn
2008-01-31, 19:10
Hello, I am new to this forum - my first time posting.

Hopefully someone can help resolve this, as none of my kids will admit to what they did on the PC last night. I am at work now, but will be home later on.

AVG is no longer running. I tried to reinstall but get "not a valid win32 Application".

I ran Kaspersky and Combofix.
Here is the Combofix report, run before I left for work:

ComboFix 08-01-31.4 - Glenn 2008-01-31 5:41:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.136 [GMT -5:00]
Running from: C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\WCYF2V69\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Glenn\Application Data\macromedia\Flash Player\#SharedObjects\HPRVB4TP\www.broadcaster.com
C:\Documents and Settings\Glenn\Application Data\macromedia\Flash Player\#SharedObjects\HPRVB4TP\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Glenn\Application Data\macromedia\Flash Player\#SharedObjects\HPRVB4TP\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Glenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Glenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\install.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\119296.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 05:54 . 2008-01-31 05:54 d-------- C:\WINDOWS\SYSTEM32\DRIVERS\down
2008-01-30 19:31 . 2008-01-30 19:31 d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-30 19:31 . 2008-01-30 19:31 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 21:04 . 2008-01-28 21:06 d-------- C:\Program Files\Truck Dismount
2008-01-28 20:59 . 2008-01-28 20:59 d-------- C:\Program Files\Porrasturvat - Stair Dismount
2008-01-26 07:11 . 2008-01-26 07:11 d-------- C:\Documents and Settings\Glenn\Application Data\Uniblue
2008-01-26 07:10 . 2008-01-26 07:10 d-------- C:\Program Files\Uniblue
2008-01-20 18:32 . 2008-01-20 18:34 d-------- C:\Program Files\CA
2008-01-17 19:48 . 2008-01-17 19:51 d-------- C:\Documents and Settings\Glenn\.housecall6.6
2008-01-17 19:48 . 2008-01-31 05:21 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-15 18:41 . 2008-01-15 18:41 d-------- C:\Program Files\e frontier
2008-01-15 18:06 . 2008-01-15 18:06 34,504 --a------ C:\WINDOWS\SYSTEM32\nlsdl32.dll
2008-01-15 17:14 . 2008-01-31 05:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 17:14 . 2008-01-15 17:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-01-09 17:58 . 2008-01-09 17:58 22,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys
2008-01-09 17:57 . 2008-01-09 17:57 107,832 --a------ C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-01-09 17:57 . 2008-01-09 17:57 66,872 --a------ C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2008-01-09 15:44 . 2008-01-09 15:44 d-------- C:\Documents and Settings\Glenn\Application Data\IGN_DLM
2008-01-08 21:37 . 2008-01-08 21:37 d-------- C:\Program Files\SystemRequirementsLab
2008-01-08 16:47 . 2008-01-15 17:25 d-------- C:\Program Files\EA GAMES
2008-01-05 17:04 . 2008-01-05 17:04 32,948 --a------ C:\MARILYN HELFORD Resume 1.5.08_doc.eml
2008-01-04 21:04 . 2008-01-04 21:04 d-------- C:\Torque
2008-01-03 18:01 . 2008-01-03 18:01 d-------- C:\WINDOWS\solcache
2008-01-03 18:00 . 2008-01-03 18:01 d-------- C:\Program Files\Sierra On-Line
2008-01-03 18:00 . 2008-01-03 18:00 d-------- C:\Dynamix
2008-01-03 17:59 . 2008-01-07 20:40 148 --a------ C:\WINDOWS\Sierra.ini
2008-01-01 16:39 . 2008-01-01 16:39 63,915 --a------ C:\ScreenHunter_004.jpg
2008-01-01 16:38 . 2008-01-01 16:38 53,913 --a------ C:\ScreenHunter_002.jpg
2007-12-24 20:58 . 2008-01-29 18:37 d-------- C:\Program Files\eMule
2007-12-12 20:05 . 2007-12-12 20:05 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-12-08 21:37 . 2006-11-29 01:06 860,211 --a-s---- C:\WINDOWS\SYSTEM32\XSIFtk-3.6.2.1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 22:03 --------- d-----w C:\Documents and Settings\Glenn\Application Data\LimeWire
2008-01-29 23:41 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-29 23:33 --------- d-----w C:\Documents and Settings\Glenn\Application Data\AVG7
2008-01-22 22:48 --------- d-----w C:\Program Files\LimeWire
2008-01-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 22:09 --------- d-----w C:\Program Files\QuickTime
2008-01-15 07:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-13 15:57 --------- d-----w C:\Documents and Settings\Glenn\Application Data\Azureus
2008-01-11 23:47 --------- d-----w C:\Program Files\Azureus
2008-01-08 21:34 --------- d-----w C:\Program Files\Magic FPS
2008-01-05 02:07 --------- d-----w C:\Program Files\Torque
2008-01-03 23:02 2,044 ----a-w C:\Program Files\AT&T Special Offer.lnk
2007-12-30 03:52 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2007-12-25 02:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-22 14:06 --------- d-----w C:\Program Files\Paint.NET
2007-12-11 00:06 --------- d-----w C:\Program Files\Best Buy Rhapsody
2007-12-08 14:02 --------- d-----w C:\Program Files\AC3D 6.1
2007-12-08 14:01 --------- d-----w C:\Program Files\A C 3D
2007-09-14 21:03 59,246,605 ----a-w C:\Program Files\Ac3d_6.1.zip
2007-09-03 13:42 92,128 ----a-w C:\Documents and Settings\Glenn\Application Data\GDIPFONTCACHEV1.DAT
2007-08-18 23:12 532,616 ----a-w C:\Program Files\ImageResizerPowertoySetup.exe
2007-05-19 10:52 2,000,239 ----a-w C:\Program Files\noteburner.exe
2007-01-24 01:38 8,696,643 ----a-w C:\Program Files\TUNE UP 2006 V 5.3.2343.rar
2006-12-09 16:57 3,165,518 ----a-w C:\Program Files\uiso8_pe.exe
2006-06-23 22:48 15,937,652 ----a-w C:\Program Files\NLDemo155.exe
2005-11-26 15:43 557,056 ----a-w C:\Documents and Settings\Glenn\chatlnk.exe
2004-12-01 23:34 716 ---ha-w C:\Documents and Settings\All Users\Application Data\pb7msys.dat
2004-06-19 10:15 2,569 --sha-w C:\WINDOWS\bmvhi.dat
2004-08-04 05:56 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2007-10-20 18:19 56 --sh--r C:\WINDOWS\SYSTEM32\9F0EFAF752.sys
2004-04-28 06:09 2,569 --sha-w C:\WINDOWS\SYSTEM32\ddagh.dat
2004-06-13 03:40 2,569 --sha-w C:\WINDOWS\SYSTEM32\huace.dat
2007-10-20 18:19 1,890 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2004-06-06 16:42 2,569 --sha-w C:\WINDOWS\SYSTEM32\rphrp.dat

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B172E5A-5846-4678-BEFB-89CB2EADDF36}]
2008-01-15 18:06 34504 --a------ C:\WINDOWS\system32\nlsdl32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-03-12 09:09 686794]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2008-01-31 05:49 473928]
"NvCplDaemon"="NvQTwk" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 21:17 69705]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 05:49 579072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10 339968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 10:51 185632]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 05:30 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Stopper]
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-13 10:51 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 15:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2005-09-26 10:28]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 23:21]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-09-26 10:28]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:30]
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:17:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-24 18:45:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-31 08:23:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-31 11:04:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C8A4869B-9408-4C41-8D12-BA3DD576E149}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 05:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
*********************************************
Completion time: 2008-01-31 6:09:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-31 11:09:06
.
2008-01-10 11:47:43 --- E O F ---
# # #
That's it. Hopefully this can be fixed without me having to wipe the C drive clean and reinstall. Thanks in advance.

Shaba
2008-02-03, 11:45
Hi Hglenn

You are running combofix from the IE temp folder:

Running from: C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\WCYF2V69\ComboFix[1].exe

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happens, we want to know, and also which process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report
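
As an added example that is not part of this thread, of ComboFix, or of any vendor's tooling: a small Python triage parser for a ComboFix log, run over an excerpt constructed from the lines Hglenn posted above. It picks out the "Other Deletions" list (de-duplicated, since the log lists the same files twice), the removed drivers/services, files carrying hidden+system attributes in the Find3M report, and Run entries whose target ComboFix printed with an empty bracket, and it flags the "Running from:" path that Shaba's reply points at. The section names are the ones in the log; the heuristics themselves (an .exe under the drivers directory, hidden+system attributes, an empty bracket after a Run entry, a launch path under Temporary Internet Files) are my own assumptions about what deserves a second look, not verdicts from ComboFix or anyone else.

```python
"""Triage helper for ComboFix logs (added example, not from the thread).

Heuristics below are the author's own assumptions, not ComboFix rules:
  * the tool was launched from the browser cache (Shaba's point),
  * .exe files that lived under the drivers directory (drivers are .sys),
  * files marked hidden+system in the Find3M report,
  * Run entries whose target ComboFix could not resolve ("[]" or "[ ]").
Flagged items are "look at this", not "this is malware".
"""
import re

# Constructed excerpt of the log posted in the thread (paths shortened to
# the lines the heuristics act on; format is unchanged).
SAMPLE_LOG = r"""
ComboFix 08-01-31.4 - Glenn 2008-01-31 5:41:19.1 - NTFSx86
Running from: C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\WCYF2V69\ComboFix[1].exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\down\119296.exe
C:\WINDOWS\system32\drivers\hldrrr.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2004-06-19 10:15 2,569 --sha-w C:\WINDOWS\bmvhi.dat
2007-10-20 18:19 56 --sh--r C:\WINDOWS\SYSTEM32\9F0EFAF752.sys

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2008-01-31 05:49 473928]
"NvCplDaemon"="NvQTwk" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 05:49 579072]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "(((( Other Deletions ))))"
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) (\S+) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')   # "name"="target" [info]
EXE_IN_DRIVERS_RE = re.compile(r"\\drivers\\.*\.exe$", re.IGNORECASE)


def parse_combofix(text):
    """Return a dict of triage findings for one ComboFix log."""
    report = {
        "running_from": None,
        "running_from_browser_cache": False,
        "recovery_console_missing": False,
        "deleted": [],                 # de-duplicated "Other Deletions" paths
        "exe_in_drivers_dir": [],      # subset of deleted: .exe under \drivers\
        "removed_services": [],        # names under "Drivers/Services"
        "hidden_system_files": [],     # Find3M entries with both h and s attrs
        "unresolved_autostarts": [],   # Run values ComboFix printed with "[]"
    }
    section, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line == "REGEDIT4":
            section = "Registry"
            continue
        if line.startswith("Running from:"):
            path = line.split(":", 1)[1].strip()
            report["running_from"] = path
            # Shaba's point: the tool must be saved to the Desktop, not run
            # from the IE cache, or its cleanup and logging are unreliable.
            report["running_from_browser_cache"] = "temporary internet files" in path.lower()
        elif line.startswith("WARNING") and "RECOVERY CONSOLE" in line:
            report["recovery_console_missing"] = True
        elif section == "Other Deletions":
            if line not in report["deleted"]:
                report["deleted"].append(line)
                if EXE_IN_DRIVERS_RE.search(line):
                    report["exe_in_drivers_dir"].append(line)
        elif section == "Drivers/Services" and line.startswith("-------\\"):
            report["removed_services"].append(line.split("\\", 1)[1])
        elif section == "Find3M Report":
            m = FIND3M_RE.match(line)
            if m and "h" in m.group(4) and "s" in m.group(4):
                report["hidden_system_files"].append(m.group(5))
        elif section == "Registry":
            if line.startswith("["):
                reg_key = line
            elif reg_key and reg_key.lower().endswith("\\run]"):
                m = RUN_RE.match(line)
                if m and not m.group(3).strip():
                    report["unresolved_autostarts"].append(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in parse_combofix(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it a whole log file instead of SAMPLE_LOG and you get the same short list a helper scans for first: what ComboFix removed, what it could not find, and whether the run itself was made from a sane location. The "unresolved" list is deliberately noisy (UserFaultCheck is a normal Windows entry that ComboFix cannot resolve because of its arguments); the value is in the names you do not recognise, which is why they are listed rather than scored.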

Shaba
2008-02-08, 11:02
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.