Malware, pop ups, BHO of some kind

jbrady33
2008-07-21, 17:34
HijackThis log below; it is adding RUNDLL entries into IE BHOs. If you disable or delete the DLLs, a new, randomly named one is created.

Thanks,
JB

HP/Compaq 8510p laptop, Windows XP with all the latest SP and updates.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:22 AM, on 7/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\SecurStar\Client\DCPP\DCPPSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SecurStar\Client\SecurStarListener.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\SecurStar\Client\DCPP\dcpp.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\software\sysinternals\PROCESS_EXPLORER\procexp.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aaanet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hocwebsense:6588
O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\New Boundary\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [Dcpp Startup] "C:\Program Files\SecurStar\Client\DCPP\Dcpp.exe" /RS
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [84f907bd] rundll32.exe "C:\WINDOWS\system32\cflxnslr.dll",b
O4 - HKLM\..\Run: [BM87ca3421] Rundll32.exe "C:\WINDOWS\system32\jhpmuilr.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9003] command /c del "C:\WINDOWS\system32\jhpmuilr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2152] cmd /c del "C:\WINDOWS\system32\jhpmuilr.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://aaanet
O16 - DPF: iLO Remote Console Applet - https://ilousm6500aay/dvc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} (SWToolSet.Engine) - http://solarwinds/SWToolset.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212075737313
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ad.aaamidatlantic.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.ad.aaamidatlantic.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C75A3E7-D0CF-494A-8124-3A2528EAFC9E}: NameServer = 10.3.26.31,10.3.26.32
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ad.aaamidatlantic.com
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SecurStar DCPP Enterprise Service (DCPPSvc) - Unknown owner - C:\Program Files\SecurStar\Client\DCPP\DCPPSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SecurStarListener (SecurSyncClient) - Unknown owner - C:\Program Files\SecurStar\Client\SecurStarListener.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 13682 bytes
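A small triage script for log lines like the O3/O4 entries above, added here as an illustration; it is not part of the original thread or of HijackThis. The sample lines are constructed copies of entries from the log, and the heuristics (bare hex value names, eight-letter lowercase DLL stems in system32, single-letter exports, toolbar entries whose file is missing) are assumptions drawn from this particular log, not a general signature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the O3/O4 lines of the HijackThis log above.
SAMPLE_LOG = r"""
O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [84f907bd] rundll32.exe "C:\WINDOWS\system32\cflxnslr.dll",b
O4 - HKLM\..\Run: [BM87ca3421] Rundll32.exe "C:\WINDOWS\system32\jhpmuilr.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O2 - BHO: name - {CLSID} - path" and "O3 - Toolbar: name - {CLSID} - path"
O23_RE = re.compile(r"^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
# rundll32 invocations of the form: rundll32[.exe] "path\to\x.dll",export
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
# Value names that are nothing but hex digits, optionally "BM"-prefixed, as in the log above (assumption).
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$")
# Eight lowercase letters: the naming pattern of the rotating DLLs in this log (assumption).
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    line: str
    name: str
    reasons: list = field(default_factory=list)


def inspect_o4(m: re.Match) -> list:
    """Return the reasons an O4 Run entry looks suspicious (empty list if none)."""
    reasons = []
    name, cmd = m.group("name"), m.group("cmd")
    if HEX_NAME_RE.match(name):
        reasons.append("Run value name is a bare hex string")
    r = RUNDLL_RE.match(cmd)
    if r:
        dll = r.group("dll")
        stem = dll.replace("/", "\\").rsplit("\\", 1)[-1][:-4]   # file name without ".dll"
        in_system32 = "\\system32\\" in dll.lower()
        if in_system32 and RANDOM_STEM_RE.match(stem):
            reasons.append(f"rundll32 loads random-looking DLL {stem}.dll from system32")
        if len(r.group("export")) == 1:
            reasons.append(f"single-letter export '{r.group('export')}'")
    return reasons


def triage(log_text: str) -> list:
    """Scan HijackThis O2/O3/O4 lines and return a Finding for each line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            reasons = inspect_o4(m)
            if reasons:
                findings.append(Finding(line, m.group("name"), reasons))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append(Finding(line, m.group("name"), [f"{m.group('kind')} points at a missing file"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] " + "; ".join(f.reasons))
```

The legitimate rundll32 entry (HP's CognizanceTS, loading a DLL from Program Files with a named export) produces no finding, while the two hex-named entries trip all three checks.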

jbrady33
2008-07-21, 21:35
Ok, I have:

Run Spybot from regular and safe mode (and it ran at startup), run Ad-Aware, and run Symantec AV. They find stuff from time to time (all .dlls, which are deleted), and I have manually deleted DLLs that I found with Process Explorer (Sysinternals). System Restore is off.

I disable the randomly named BHOs, only to have them come back with a different name and flood me with more pop-up ads.

Here are some things that were found:
LaunchinIE.dll
SpyShredder
Trojan.Zlob
WinFixer
Trojan.Awax
Downloader
AntiSpyCheck
Zlob.Downloader.vdt
Virtumonde & Virtumonde.prx
various flavors of Smitfraud


Thanks in advance
JB

jbrady33
2008-07-21, 22:06
Like everyone else, I read the "Don't do anything until we respond" AFTER I had already made a bunch of attempts at cleaning.

Here is the ComboFix log (just-downloaded version):

ComboFix 08-07-20.A0 - jbrady 2008-07-21 15:54:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1350 [GMT -4:00]
Running from: C:\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 45
pv: No matching processes found
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.

/wow section - STAGE 46
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\hosts
C:\WINDOWS\system32\afqfxgck.ini
C:\WINDOWS\system32\cflxnslr.dll
C:\WINDOWS\system32\flybnkdw.ini
C:\WINDOWS\system32\folmykxg.dll
C:\WINDOWS\system32\gkleuyjc.dll
C:\WINDOWS\system32\jTCbLRqr.ini
C:\WINDOWS\system32\jTCbLRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nznegm.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qpsDNqru.ini
C:\WINDOWS\system32\qpsDNqru.ini2
C:\WINDOWS\system32\rlsnxlfc.ini
C:\WINDOWS\system32\rqRLbCTj.dll
C:\WINDOWS\system32\wdknbylf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBroker
-------\Service_ASBroker


((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-21 14:14 . 2008-07-21 14:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-21 14:14 . 2008-07-21 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 14:13 . 2008-07-21 14:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 13:56 . 2008-07-21 13:56 <DIR> d-------- C:\Documents and Settings\jbrady\.housecall6.6
2008-07-21 11:55 . 2008-07-21 11:55 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2008-07-21 11:55 . 2008-07-21 11:55 <DIR> d-------- C:\Documents and Settings\jbrady.L026567
2008-07-21 11:21 . 2008-07-21 11:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 09:53 . 2008-07-21 09:53 <DIR> d-------- C:\Program Files\Unlocker
2008-07-21 09:27 . 2008-07-21 09:27 105,984 --a------ C:\WINDOWS\system32\fwnoprps.dll
2008-07-18 15:41 . 2008-07-21 11:10 110,419 --a------ C:\WINDOWS\BM87ca3421.xml
2008-07-18 15:40 . 2008-07-18 15:40 281,600 --a------ C:\WINDOWS\system32\urqNDspq.dll.delete
2008-07-18 15:35 . 2008-07-18 15:38 <DIR> d-------- C:\WINDOWS\system32\aumsDK01
2008-07-18 15:35 . 2008-07-18 15:35 <DIR> d-------- C:\temp\zpv201
2008-07-15 08:20 . 2008-07-14 16:10 2,572,288 --a------ C:\WINDOWS\7-11-08.scr
2008-07-09 15:50 . 2008-07-09 15:50 65,344 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-07-09 15:47 . 2008-07-09 15:49 <DIR> d-------- C:\screencaps
2008-07-03 11:27 . 2008-07-03 11:27 5,281 --a------ C:\bren_yea.jpg
2008-07-01 14:01 . 2008-07-01 14:01 <DIR> d-------- C:\Program Files\Citrix
2008-07-01 14:01 . 2008-07-01 14:01 56,912 --a------ C:\Documents and Settings\jbrady\g2mdlhlpx.exe
2008-06-30 20:59 . 2008-06-30 20:59 35,840 --a------ C:\ping order.doc
2008-06-30 20:46 . 2008-06-30 20:46 41,984 --a------ C:\sticker reciept.doc
2008-06-30 20:45 . 2008-06-30 20:45 381,070 --a------ C:\Invoice - Sticker Shoppe.mht
2008-06-30 20:33 . 2008-06-30 20:33 93,263 --a------ C:\Google Checkout Order Receipt David Rudrud Designs.mht
2008-06-30 12:01 . 2008-06-30 12:01 <DIR> d-------- C:\Program Files\QuickTime
2008-06-30 10:55 . 2008-06-30 10:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-30 10:55 . 2008-06-30 10:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-30 10:55 . 2008-06-30 10:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-30 10:55 . 2008-06-30 10:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-30 10:54 . 2008-06-30 10:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-30 10:44 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-27 13:38 . 2008-06-27 13:38 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-27 13:38 . 2008-06-27 13:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-27 13:38 . 2008-06-27 13:38 <DIR> d-------- C:\Program Files\MSBuild
2008-06-27 13:37 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-27 13:31 . 2008-06-25 14:42 19,165,184 --a------ C:\WINDOWS\July12008.scr
2008-06-24 16:40 . 2008-07-21 11:10 238 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 19:58 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-18 19:39 --------- d-----w C:\Program Files\goaway
2008-07-09 19:46 --------- d-----w C:\Program Files\ScreenPrint32 v3
2008-07-09 19:45 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-09 19:45 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-19 14:42 --------- d-----w C:\Program Files\CHM2Word
2008-06-18 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-18 13:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-18 13:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-06-18 13:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-06-18 13:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-06-18 13:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-06-16 15:02 --------- d-----w C:\Documents and Settings\jbrady\Application Data\getleft
2008-06-13 16:27 --------- d-----w C:\Program Files\Microsoft NESBooks
2008-06-13 14:07 --------- d-----w C:\Documents and Settings\jbrady\Application Data\OfficeUpdate12
2008-06-10 17:42 3,854,336 ----a-w C:\WINDOWS\June15th.scr
2008-06-10 14:54 --------- d-----w C:\Program Files\Windows Resource Kits
2008-05-30 16:19 --------- d-----w C:\Program Files\Getleft
2008-05-30 15:42 --------- d-----w C:\Program Files\zeraha.org
2008-05-29 19:55 2,609,152 ----a-w C:\WINDOWS\MemberFirstJune2.scr
2008-05-29 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-05-29 15:32 --------- d-----w C:\Program Files\ATI Technologies
2008-05-22 00:01 --------- d-----r C:\Documents and Settings\jbrady\Application Data\Brother
2008-05-21 19:38 --------- d-----w C:\Program Files\Solarwinds
2008-05-01 20:16 5,234,688 ----a-w C:\WINDOWS\2008MayDisney.scr
2008-04-28 17:15 1,712,128 ----a-w C:\WINDOWS\May15_08.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 16:36 872448]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 14:28 124928]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 16:52 404248]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Prism Deploy Client"="C:\Program Files\New Boundary\Client\PTClient.exe" [2008-04-08 16:17 2813952]
"Dcpp Startup"="C:\Program Files\SecurStar\Client\DCPP\Dcpp.exe" [2006-12-14 17:42 1802240]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 15:52 145184]
"CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 18:12 17920]
"IFXSPMGT"="c:\WINDOWS\system32\ifxspmgt.exe" [2007-07-24 08:21 677144]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 12:00 192512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-09-19 15:58 33280]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-30 12:01 413696]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-03-03 04:39 6144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00 561213]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-10-03 17:17:20 1537064]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-05-02 15:25:31 192512]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-06-18 16:08:19 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 09:04 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqRLbCTj

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=AAA-PRISM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mstsc.exe"=
"C:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 dcpp2k;dcpp2k;C:\WINDOWS\system32\drivers\dcpp2k.sys [2006-11-14 20:26]
R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-08-14 17:59]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 13:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-06-14 16:22]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2007-07-24 08:21]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-08-14 17:59]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 16:52]
R2 DCPPSvc;SecurStar DCPP Enterprise Service;C:\Program Files\SecurStar\Client\DCPP\DCPPSvc.exe [2006-12-13 17:38]
R2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 13:26]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 16:52]
R2 SecurSyncClient;SecurStarListener;C:\Program Files\SecurStar\Client\SecurStarListener.exe [2007-03-16 17:56]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 16:13]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 16:52]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 15:48]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-07-24 08:21]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 01:08]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2007-09-18 06:56]
S3 DAMDrv;DAMDrv;C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 08:49]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\WINDOWS\system32\flcdlock.exe [2007-06-08 09:06]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]
S3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2008-05-08 20:32]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swnc8u56.sys [2007-06-27 10:41]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swumx56.sys [2007-06-27 10:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93cb490c-1d5e-11dd-9006-001e37a32359}]
\Shell\AutoRun\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{8F37CE76-38EC-4CF7-8663-2C6CC62196B2} - C:\WINDOWS\system32\urqNDspq.dll__BHODemonDisabled
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Settings,ProxyServer = hocwebsense:6588
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O17 -: HKLM\CCS\Interface\{3C75A3E7-D0CF-494A-8124-3A2528EAFC9E}: NameServer = 10.3.26.31,10.3.26.32

O16 -: iLO Remote Console Applet - hxxps://ilousm6500aay/dvc.cab
C:\WINDOWS\Downloaded Program Files\OSDF0D.OSD
C:\WINDOWS\Downloaded Program Files\dvc.dll

O16 -: {26700CD9-6157-4B72-B46F-EC93C952F19C} - hxxp://solarwinds/SWToolset.exe
C:\WINDOWS\Downloaded Program Files\SWToolset.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 16:00:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Completion time: 2008-07-21 16:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 20:03:39

Pre-Run: 73,699,069,952 bytes free
Post-Run: 73,919,721,472 bytes free

274 --- E O F --- 2008-05-19 20:15:12