Thread: Popups everywhere

  1. #1
    Join Date
    Apr 2008
    Posts
    5

    Popups everywhere

    Please Help,

    I have a nasty little bug on my computer and need expert help on removal. I hope I ran all the necessary virus scans and collected all the correct logs. Popups all over the place and it's impossible to do anything on my computer. Please HELP

    thanks,

    mikem
    Attached Files

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi Michael,
    To begin it would appear that you are not running an anti-virus program OR a firewall. BOTH are absolute MUSTS today.
    Before you do anything else please go here
    and download, install and update ONE of the FREE anti-virus programs that PP notes. You may choose any ONE of the three but you must choose one, install and use it. It will do no good whatsoever to clean this machine if you are not running an anti-virus program.
    You also MUST use a firewall, the huge number of trojans found on your system is one of the ways you pay for not using a firewall. Either enable the built in Windows Firewall or download and install one of those noted by PP in the link above.
    Once you have installed and updated the Anti-virus program of your choice I would like you to do a Full System Scan with it and have it fix/quarantine or delete anything found.

    Next I would like you to run the Eset scanner again, but this time please have it clean whatever is found.
    Save the log for posting here.

    Next I would like you to download the latest version of Java which is 6 update 5. Your version is way, way out of date.
    Go here to download the latest version. Please choose the Offline install and save it to your desktop so that you can find it easily.
    After you have downloaded the java install pkg I would like you to go to Add/Remove and uninstall All previous versions of java that you find there.

    While you are in Add/Remove also please uninstall the following:
    Ad-Aware SE Personal
    Coupon Printer for Windows
    HOTLLAMA Media Player
    LiveUpdate 2.6 (Symantec Corporation) (evidently a remnant of a previous Norton Anti-virus program which is no longer on the system)
    You also should look there for SurfMonkey programs, allegedly will make your browser "for kids only" but it is most definitely Adware and something you DO NOT want on the computer. It will remind you to subscribe to their service every now and then. And displays a bunch of sponsor's logos in a sidebar. It MOST definitely is running on this computer. If you do not find it in Add/Remove then go to C:\WINDOWS\ and look for SurfMonkey. If you find it, delete it.

    Once all above items are uninstalled then double click the java install program that you downloaded and install it. Once it is installed then go here to verify the install went well.

    After you have done all of the above I would like you to run HJT again and place a checkmark next to the following entries if they still remain:

    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {CB2ADFC2-80F3-4608-B9D8-10BE2A4E70D1} - C:\WINDOWS\system32\jkhhf.dll (file missing)


    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [58be37a2] rundll32.exe "C:\WINDOWS\system32\eotpitpu.dll",b
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\qcntlkdn.exe DWram
    O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
    O4 - HKCU\..\Run: [Amrbrs] "C:\Program Files\Common Files\??crosoft\n?tepad.exe"
    O4 - HKCU\..\Run: [wqif] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
    O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\CROSOF~1.NET\chkdsk .exe" -vt yazb
    O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

    O8 - Extra context menu item: &Search - ?p=ZJxdm128MFUS
    O20 - Winlogon Notify: qommmjh - qommmjh.dll (file missing)

    Once you have placed the checkmarks then click the Fix Checked button.
    Exit HJT.
    Reboot the computer.
    Run a NEW Malwarebytes' Anti-Malware Scan
    Have it remove everything found. Save the log for posting here.
    Then run a new HJT scan and save that log and post it here.
    We can then decide what needs to be done next.
    Judy
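The entries Judy lists above share a few recognisable shapes: orphaned references, an auto-generated value name loaded through rundll32, a look-alike path with a character the log could not render, a space before the extension, and programs she has already named as adware. The script below is an added illustration (not part of this thread, of HijackThis or of any tool named here) that parses those same HJT lines and reports which shapes each entry matches; the heuristics, the `SAMPLE_HJT_LOG` constant and the `UNWANTED_MARKERS` list are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis lines quoted in post #2 of this thread
# (entries the helper asked to have fix-checked) plus one benign Run entry.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {CB2ADFC2-80F3-4608-B9D8-10BE2A4E70D1} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [58be37a2] rundll32.exe "C:\WINDOWS\system32\eotpitpu.dll",b
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\qcntlkdn.exe DWram
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [Amrbrs] "C:\Program Files\Common Files\??crosoft\n?tepad.exe"
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\CROSOF~1.NET\chkdsk .exe" -vt yazb
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O20 - Winlogon Notify: qommmjh - qommmjh.dll (file missing)
""".strip()

# O4 lines look like: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.*)\] (.*)$')
# First path ending in an executable extension, stopping at a quote, space or comma
IMAGE_RE = re.compile(r'(.*?\.(?:exe|dll|cpl|scr))(?=["\s,]|$)', re.IGNORECASE)
# Programs the helper in this thread has already identified as adware/unwanted (assumed list)
UNWANTED_MARKERS = ('surfmonkey', 'mywebsearch', 'inetget2')


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    raw: str


def extract_image(command: str) -> tuple[str, str]:
    """Return (image path, host); host is 'rundll32' when a DLL is loaded via rundll32."""
    cmd = command.strip()
    host = ''
    if cmd.lower().startswith('rundll32.exe'):
        host = 'rundll32'  # trusted host binary; the DLL it loads is the real artefact
        cmd = cmd[len('rundll32.exe'):].strip()
    cmd = cmd.lstrip('"')
    m = IMAGE_RE.match(cmd)
    return (m.group(1) if m else cmd), host


def assess_run_entry(e: RunEntry) -> list[str]:
    """Heuristics for the shapes seen in this thread's Run entries."""
    findings = []
    image, host = extract_image(e.command)
    low = image.lower()
    if re.fullmatch(r'[0-9a-f]{8}', e.name):
        findings.append('value name is 8 hex digits, typical of an auto-generated loader entry')
    elif re.search(r'[\[\]\\]', e.name):
        findings.append('value name contains bracket or backslash characters rather than a product name')
    if '?' in image:
        # '?' is illegal in Windows filenames, so its presence means the log
        # substituted a character it could not render: a look-alike path
        findings.append("image path contains '?': unrenderable character in a look-alike path")
    if re.search(r'\s\.(?:exe|dll)$', image, re.IGNORECASE):
        findings.append('whitespace before the extension mimics a system tool name')
    if host == 'rundll32' and low.endswith('.dll') and '\\system32\\' in low:
        findings.append('rundll32 loads a DLL by path from system32; verify the DLL is a known file')
    if 'mydocu~1' in low or 'my documents' in low:
        findings.append('autostart image lives under the user documents folder')
    for marker in UNWANTED_MARKERS:
        if marker in low:
            findings.append(f'path matches a program already flagged as unwanted: {marker}')
    return findings


def triage_hjt_log(text: str) -> dict[str, list[str]]:
    """Map each suspicious line (keyed by Run value name, else the raw line) to its findings."""
    results: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        findings = []
        if '(file missing)' in line or '(no file)' in line:
            findings.append('orphaned entry: it points at a file that no longer exists')
        m = O4_RE.match(line)
        if m:
            entry = RunEntry(*m.groups(), raw=line)
            findings.extend(assess_run_entry(entry))
            key = entry.name
        else:
            key = line
        if findings:
            results[key] = findings
    return results


if __name__ == '__main__':
    for key, findings in triage_hjt_log(SAMPLE_HJT_LOG).items():
        print(key)
        for f in findings:
            print('   -', f)
```

Clean entries such as the SunJavaUpdateSched line produce no output, so what is printed is exactly the set of lines worth a second look.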

  3. #3
    Join Date
    Apr 2008
    Posts
    5

    OK, I hope I did everything correctly.

    Still getting popups, maybe not as frequently though.

    mikem
    Attached Files

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    What type of pop-ups are you getting? Advertisements or messages from Windows?
    That surfmonkey program is still on the computer. It is NOT a recommended program and should be removed.

  5. #5
    Join Date
    Apr 2008
    Posts
    5

    Thanks for the quick reply

    http://www.trafficportal.org/adserve...D=29&RID=&UID=
    http://yellowpages.addresses.com

    are the popups I'm getting.

    Surfmonkey is not in the Add and Remove Programs and I was able to delete the folder in Windows when in Safe Mode. How do I get it off?

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I would like you to run combofix using these instructions;
    • Download combofix.exe by sUBs to your computer's Desktop.
    • Alternate Download
    • (If you already have a previous version, delete it and download a new version).
    • Double click combofix.exe & follow the prompts.
      Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.
    When it finishes, it ought to
    • Produce a log for you. ( C:\ComboFix\ComboFix.txt)
    • Restore your Internet connection.
    IMPORTANT:
    • Do not use your computer while Combofix is running.
    • Do not mouseclick combofix's window while it's running. That may cause it to stall.
      If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
    Please post that log for us. You can copy & paste this one into this thread.

  7. #7
    Join Date
    Apr 2008
    Posts
    5

    ComboFix Log

    ComboFix 08-04-26.1 - HP_Owner 2008-04-26 17:34:21.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.613 [GMT -7:00]
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Owner\My Documents\CROSOF~1.NET
    C:\Documents and Settings\HP_Owner\My Documents\CROSOF~1.NET\??crosoft.NET\
    C:\Program Files\Common Files\crosof~1
    C:\Program Files\icroso~1
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\WINDOWS\BM5b8d043e.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\IA
    C:\WINDOWS\IA\KE.vbs
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\auwejqkn.ini
    C:\WINDOWS\system32\drivers\AnyDVDD.sys
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\lsp.dll
    C:\WINDOWS\system32\uptiptoe.ini
    C:\WINDOWS\system32\wbwhconl.ini
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ANYDVDD
    -------\Legacy_CMDSERVICE
    -------\Legacy_NETWORK_MONITOR
    -------\Service_AnyDVDD


    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    2008-04-26 17:38 . 2008-04-26 17:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-26 17:38 . 2008-04-26 17:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-26 00:04 . 2008-04-26 00:04 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-04-26 00:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-25 21:33 . 2008-04-26 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-04-25 21:27 . 2008-04-26 09:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Program Files\AVG
    2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-25 21:27 . 2008-04-25 21:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-04-25 21:27 . 2008-04-25 21:27 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-04-25 21:27 . 2008-04-25 21:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-04-25 21:18 . 2008-04-25 21:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
    2008-04-25 17:36 . 2008-04-25 23:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-24 22:36 . 2008-04-26 13:35 <DIR> d-------- C:\New Folder
    2008-04-24 08:00 . 2008-04-24 08:00 298,311 --a------ C:\WINDOWS\system32\gside.exe
    2008-04-15 23:02 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-15 23:02 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-15 23:02 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-15 23:02 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-15 23:02 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-15 23:02 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-15 23:02 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-15 22:00 . 2008-04-16 17:19 959 --a------ C:\WINDOWS\wininit.ini
    2008-04-15 21:39 . 2008-04-15 21:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-15 21:39 . 2008-04-15 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-15 19:19 . 2008-04-15 19:19 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-15 19:19 . 2008-04-15 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-15 19:17 . 2008-04-15 21:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\U3
    2008-04-08 20:05 . 2008-04-10 19:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
    2008-04-08 06:43 . 2008-04-08 06:43 <DIR> d-------- C:\WINDOWS\kdefense
    2008-04-08 06:43 . 2008-04-08 06:43 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
    2008-04-08 06:43 . 2008-04-08 06:52 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2008-04-08 06:43 . 2008-04-08 06:52 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
    2008-04-08 06:43 . 2008-04-08 06:52 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
    2008-04-08 06:43 . 2008-04-08 06:52 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2008-04-08 06:40 . 2008-04-08 06:40 <DIR> d-------- C:\WINDOWS\LocalSSL
    2008-04-08 06:39 . 2007-12-16 03:49 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-08 06:39 . 2007-12-16 03:49 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
    2008-04-08 06:39 . 2007-12-16 03:49 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
    2008-04-08 06:37 . 2008-04-08 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-04-08 06:36 . 2008-04-24 08:03 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-07 22:21 . 2008-04-07 22:21 3,425 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
    2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\WINDOWS\fiqw
    2008-04-06 21:13 . 2008-04-07 21:35 <DIR> d-------- C:\Program Files\Common Files\fiqw
    2008-04-06 11:52 . 2008-04-06 11:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ScamBlocker
    2008-04-06 11:52 . 2008-04-06 11:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EarthLink
    2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Temp\wdlw14

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-26 07:04 --------- d-----w C:\Program Files\Java
    2008-04-26 06:47 --------- d-----w C:\Program Files\Coupons
    2008-04-16 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-06 22:05 14,822 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
    2008-04-05 17:25 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Canon
    2008-04-04 01:11 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-02-27 02:17 --------- d-----w C:\Program Files\U.B. Funkeys
    2008-02-27 02:15 186,592 ----a-w C:\WINDOWS\system32\drivers\windrvr6.sys
    2007-12-25 19:35 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys
    2005-04-30 04:07 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57 94208]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
    "E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 16:24 942080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 22:51 118784]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 18:39 180269]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
    "VTTimer"="VTTimer.exe" []
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 05:46 188416]
    "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 19:48 45056]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-01-28 16:00 455168]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Earthlink Protection Control Center"="C:\Program Files\EarthLink TotalAccess\\ProtectionControlCenter\elnk_pcc.exe" [2005-12-08 13:35 2899968]
    "ELNKProxy"="C:\WINDOWS\surfmonkey\smproxy.exe " [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
    "FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 15:32 669000]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 21:27 1177368]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
    Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 19:25:38 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
    "C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

    R0 GRFILTER;CS NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2005-07-11 10:36]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 21:27]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-25 21:27]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 21:27]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-25 21:27]
    R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47]
    R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2005-07-11 10:38]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [2005-08-15 17:00]
    S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ATICDSDr.sys []
    S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 15:16]
    S3 FlyUsb;FLY Fusion;C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2007-09-05 16:26]
    S3 SNDO763;ViviCam 3350B;C:\WINDOWS\system32\DRIVERS\sndo763.sys [2004-05-12 11:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{438f4458-0b5b-11dd-babf-0011d8129839}]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-06 03:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-26 17:38:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\EarthLink TotalAccess\ProtectionControlCenter\elnk_pcc.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-26 17:41:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-27 00:41:16

    Pre-Run: 145,167,384,576 bytes free
    Post-Run: 145,411,641,344 bytes free

    225 --- E O F --- 2008-04-17 10:00:44

  8. #8
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    ComboFix CFScript

    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

    File::
    C:\WINDOWS\fiqw
    C:\Program Files\Common Files\fiqw
    C:\Temp\wdlw14

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ELNKProxy"=
    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please post the new ComboFix log in your next reply.

    Please note: the script below is the correct one. I left off the "-" minus sign at the end of "ELNKProxy"=; please use the script below.
    File::
    C:\WINDOWS\fiqw
    C:\Program Files\Common Files\fiqw
    C:\Temp\wdlw14

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ELNKProxy"=-

    Last edited by jholland1964; 04-27-2008 at 09:30 PM. Reason: Correction in script
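Judy's correction above turns on one character of REGEDIT4 syntax: `"ELNKProxy"=-` tells ComboFix to delete the value, while `"ELNKProxy"=` does not. The checker below is an added illustration (not part of ComboFix or of this thread) that parses a CFScript into its `File::` and `Registry::` sections, flags bare `"Name"=` lines and rewrites them with the trailing `-`; the `CFSCRIPT_DRAFT` constant reproduces the first script from the post, and the section and line patterns are this example's own assumptions about the format.

```python
import re

# Constructed sample: the first version of the CFScript posted in this thread,
# which the helper then corrected by appending "-" to the registry value line.
CFSCRIPT_DRAFT = r"""
File::
C:\WINDOWS\fiqw
C:\Program Files\Common Files\fiqw
C:\Temp\wdlw14

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ELNKProxy"=
""".strip()

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')                  # e.g. File:: or Registry::
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+(?:\\[^\]]+)?)\]$')     # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                    # "Name"=data
DRIVE_PATH_RE = re.compile(r'^[A-Za-z]:\\')                   # absolute Windows path


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into its 'Name::' sections, keeping non-blank lines in order."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f'line before any section header: {line!r}')
        sections[current].append(line)
    return sections


def lint_cfscript(text: str) -> list[str]:
    """Report lines that will not do what the author intended."""
    problems = []
    sections = parse_cfscript(text)
    for path in sections.get('File', []):
        if not DRIVE_PATH_RE.match(path):
            problems.append(f'File:: entry is not an absolute drive path: {path}')
    key = None
    for line in sections.get('Registry', []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append(f'Registry:: line is neither a [key] nor a "name"=data line: {line}')
            continue
        name, data = m.groups()
        if key is None:
            problems.append(f'value "{name}" appears before any [key] line')
        if data == '':
            # REGEDIT4 syntax: "Name"=- deletes the value; a bare "Name"= is not a deletion
            problems.append(f'"{name}"= has no data; to delete the value write "{name}"=-')
    return problems


def fix_deletions(text: str) -> str:
    """Rewrite bare "Name"= lines as "Name"=- so the value is actually deleted."""
    return re.sub(r'^("[^"]+")=$', r'\1=-', text, flags=re.MULTILINE)


if __name__ == '__main__':
    for problem in lint_cfscript(CFSCRIPT_DRAFT):
        print('draft:', problem)
    print(fix_deletions(CFSCRIPT_DRAFT))
```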

  9. #9
    Join Date
    Apr 2008
    Posts
    5

    Here is the log, sorry for the long wait and I really appreciate the help.

    ComboFix 08-05-01.3 - HP_Owner 2008-05-04 18:16:41.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT -7:00]
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\drivers\core.cache(10).dsk
    C:\WINDOWS\system32\drivers\core.cache(11).dsk
    C:\WINDOWS\system32\drivers\core.cache(12).dsk
    C:\WINDOWS\system32\drivers\core.cache(13).dsk
    C:\WINDOWS\system32\drivers\core.cache(14).dsk
    C:\WINDOWS\system32\drivers\core.cache(15).dsk
    C:\WINDOWS\system32\drivers\core.cache(2).dsk
    C:\WINDOWS\system32\drivers\core.cache(3).dsk
    C:\WINDOWS\system32\drivers\core.cache(4).dsk
    C:\WINDOWS\system32\drivers\core.cache(5).dsk
    C:\WINDOWS\system32\drivers\core.cache(6).dsk
    C:\WINDOWS\system32\drivers\core.cache(7).dsk
    C:\WINDOWS\system32\drivers\core.cache(8).dsk
    C:\WINDOWS\system32\drivers\core.cache(9).dsk
    C:\WINDOWS\system32\drivers\core.cache.dsk

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
    .

    2008-04-26 23:00 . 2008-05-04 15:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-26 23:00 . 2008-04-26 23:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-26 22:59 . 2008-04-26 23:00 <DIR> d-------- C:\Program Files\iTunes
    2008-04-26 22:58 . 2008-04-26 22:58 <DIR> d-------- C:\Program Files\QuickTime
    2008-04-26 00:04 . 2008-04-26 00:04 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-04-26 00:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-25 21:33 . 2008-04-26 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-04-25 21:27 . 2008-05-04 15:06 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Program Files\AVG
    2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-25 21:27 . 2008-04-25 21:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-04-25 21:27 . 2008-04-25 21:27 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-04-25 21:27 . 2008-04-25 21:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-04-25 21:18 . 2008-04-25 21:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
    2008-04-25 17:36 . 2008-04-25 23:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
    2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-24 22:36 . 2008-04-26 17:57 <DIR> d-------- C:\New Folder
    2008-04-24 08:00 . 2008-04-24 08:00 298,311 --a------ C:\WINDOWS\system32\gside.exe
    2008-04-15 23:02 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-15 23:02 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-15 23:02 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-15 23:02 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-15 23:02 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-15 23:02 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-15 23:02 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-15 22:00 . 2008-04-16 17:19 959 --a------ C:\WINDOWS\wininit.ini
    2008-04-15 21:39 . 2008-04-15 21:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-15 21:39 . 2008-04-15 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-15 19:19 . 2008-04-15 19:19 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-15 19:19 . 2008-04-15 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-15 19:17 . 2008-04-15 21:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\U3
    2008-04-08 20:05 . 2008-04-10 19:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
    2008-04-08 06:43 . 2008-04-08 06:43 <DIR> d-------- C:\WINDOWS\kdefense
    2008-04-08 06:43 . 2008-04-08 06:43 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
    2008-04-08 06:43 . 2008-04-08 06:52 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2008-04-08 06:43 . 2008-04-08 06:52 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
    2008-04-08 06:43 . 2008-04-08 06:52 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
    2008-04-08 06:43 . 2008-04-08 06:52 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2008-04-08 06:40 . 2008-04-08 06:40 <DIR> d-------- C:\WINDOWS\LocalSSL
    2008-04-08 06:39 . 2007-12-16 03:49 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-08 06:39 . 2007-12-16 03:49 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
    2008-04-08 06:39 . 2007-12-16 03:49 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
    2008-04-08 06:37 . 2008-04-08 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-04-08 06:36 . 2008-04-24 08:03 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-07 22:21 . 2008-04-07 22:21 3,425 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
    2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\WINDOWS\fiqw
    2008-04-06 21:13 . 2008-04-07 21:35 <DIR> d-------- C:\Program Files\Common Files\fiqw
    2008-04-06 11:52 . 2008-04-06 11:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ScamBlocker
    2008-04-06 11:52 . 2008-04-06 11:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EarthLink
    2008-04-06 11:48 . 2008-04-24 23:31 <DIR> d-------- C:\WINDOWS\system32\bharebio01
    2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Temp\wdlw14
    2008-04-06 11:48 . 2008-04-26 17:34 <DIR> d-------- C:\Temp
    2008-04-06 11:48 . 2008-04-24 22:31 937 --a------ C:\WINDOWS\system32\winpfz33.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-04 23:13 15,104 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
    2008-05-01 01:46 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Canon
    2008-04-28 03:35 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
    2008-04-27 05:59 --------- d-----w C:\Program Files\iPod
    2008-04-27 05:52 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-26 07:04 --------- d-----w C:\Program Files\Java
    2008-04-16 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-04 01:11 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-11 16:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 16:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 20:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 15:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    2007-12-25 19:35 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys
    2005-04-30 04:07 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-26_17.41.03.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-27 00:37:52 2,048 --sha-w C:\WINDOWS\bootstat.dat
    + 2008-05-04 22:04:18 2,048 --sha-w C:\WINDOWS\bootstat.dat
    + 2008-04-27 05:52:56 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
    + 2008-04-27 06:00:19 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
    - 2006-09-19 22:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    + 2008-01-29 19:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    - 2006-10-04 03:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    + 2008-01-29 19:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57 94208]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
    "E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 16:24 942080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 22:51 118784]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 18:39 180269]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
    "VTTimer"="VTTimer.exe" []
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 05:46 188416]
    "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 19:48 45056]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-01-28 16:00 455168]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Earthlink Protection Control Center"="C:\Program Files\EarthLink TotalAccess\\ProtectionControlCenter\elnk_pcc.exe" [2005-12-08 13:35 2899968]
    "ELNKProxy"="C:\WINDOWS\surfmonkey\smproxy.exe " [ ]
    "FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 15:32 669000]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 21:27 1177368]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
    Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 19:25:38 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
    "C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

    R0 GRFILTER;CS NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2005-07-11 10:36]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 21:27]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-25 21:27]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 21:27]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-25 21:27]
    R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47]
    R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2005-07-11 10:38]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [2005-08-15 17:00]
    S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ATICDSDr.sys []
    S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 15:16]
    S3 FlyUsb;FLY Fusion;C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2007-09-05 16:26]
    S3 SNDO763;ViviCam 3350B;C:\WINDOWS\system32\DRIVERS\sndo763.sys [2004-05-12 11:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{438f4458-0b5b-11dd-babf-0011d8129839}]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-27 05:52:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-04 18:19:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-04 18:20:00
    ComboFix-quarantined-files.txt 2008-05-05 01:19:54
    ComboFix2.txt 2008-04-27 00:41:20

    Pre-Run: 143,253,815,296 bytes free
    Post-Run: 143,424,004,096 bytes free

    221 --- E O F --- 2008-04-17 10:00:44

  10. #10
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Tell you what michaelm, this machine is still highly infected. I see several trojans here in this combofix log.

    I also see that you are running multiple protection programs...which actually lessens your protection
    AVG 8, Zone Alarm and the Earthlink Protection program which includes, among other things, an anti-virus program and a firewall. This means you have at least two anti-virus programs and two firewalls running. A BIG NO-NO. The rule is one of each on a computer. Right now I don't think any of them are working.

    How long have you had all of these on the system? It appears at least the Earthlink program was installed around April 6. At the same time at least one of these trojans also appeared. So I would say part of the problem lies with the Earthlink security because there appears to be about a 5 minute timeline between the trojan entering the system and the Earthlink program being installed. Don't know if you downloaded it or if it came on a CD but I believe you should UNINSTALL all of this Earthlink security stuff for now at least until we can get this figured out. Right now you have way too much installed and running.

    There are also some Trend Micro files on there, was this the online scanner or did you also install their antivirus program? This appears around April 15.
    You also have at least a portion of Authentium's Command Antivirus program. This needs to go also.

    1st. Uninstall all but ONE antivirus program and ONE firewall and frankly I would hope it would be the ENTIRE Earthlink Protection Program. Was there a reason you felt you needed all of these? Also in this same time frame you installed AdAware and Spybot. Now all of this was done BEFORE your original post here on April 25. How long have you been having these problems?

    Let's try this another way.
    Download, install, update and run an Anti-Trojan Application

    TrojanHunter (30-day free trial)

    Update it, then reboot into safe mode and run the program.

    After you have uninstalled all and run the TrojanHunter program then run another combofix and post the log here along with a new HJT scan log.
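The timeline reasoning in the reply above (entries appearing a few minutes apart around April 6) can be done mechanically over the "Files Created" section of a ComboFix log. This is an added example, not code from the thread or from ComboFix; it assumes only the line layout visible in the log above and uses five lines copied from that log as constructed sample input.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: five "Files Created" lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2008-04-06 11:52 . 2008-04-06 11:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EarthLink
2008-04-06 11:48 . 2008-04-24 23:31 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Temp\wdlw14
2008-04-06 11:48 . 2008-04-26 17:34 <DIR> d-------- C:\Temp
2008-04-06 11:48 . 2008-04-24 22:31 937 --a------ C:\WINDOWS\system32\winpfz33.sys
"""

# Layout assumed: created . modified  <DIR>|size  nine attribute flags  path (path may contain spaces)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)

def parse_created_entries(text):
    """Parse lines in the 'Files Created' layout; lines in any other layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "is_dir": m["size"] == "<DIR>",
            "size": 0 if m["size"] == "<DIR>" else int(m["size"].replace(",", "")),
            "path": m["path"],
        })
    return entries

def cluster_by_creation(entries, window_minutes=10):
    """Sort by creation time and group entries created within window_minutes of the previous one."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["created"]):
        if clusters and e["created"] - clusters[-1][-1]["created"] <= timedelta(minutes=window_minutes):
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

if __name__ == "__main__":
    for group in cluster_by_creation(parse_created_entries(SAMPLE_LOG)):
        span = (group[-1]["created"] - group[0]["created"]).seconds // 60
        print(f"{len(group)} entries within {span} min, first at {group[0]['created']:%Y-%m-%d %H:%M}")
        print("\n".join("    " + e["path"] for e in group))
```

A burst of unrelated paths created in one cluster, such as the 11:48 group landing four minutes before the EarthLink directory, is the pattern the reply above spotted by eye; narrowing the window separates the two.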
