disluinon

Excellent. Thanks for all the help!

That seemed to do the trick. I got a message saying Combofix had been uninstalled.

I get a "Windows cannot find 'Combofix'" when I type that in the Run box. Also, I couldn't find SecurityCheck in my list of programs. I did get the new version of java, though. My only real problem before was that Malwarebytes wouldn't work, so now that it does, I'm happy. Thanks for all the help!

No malware found Statistics Scanned: * Files: 58433 * System: 3110 * Not scanned: 6 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 0 * Not cleaned: 0 * Submitted: 0 Files not scanned: * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics Results of screen317's Security Check version 0.99.2 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 10 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 9.3 ```````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast5 AvastSvc.exe ALWILS~1 Avast5 avastUI.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log````````````

ComboFix 10-04-01.02 - Justin K 04/03/2010 1:48.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.612 [GMT -5:00] Running from: c:\documents and settings\Justin K\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Justin K\Desktop\CFScript.txt AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\AppPatch\AcAdProc.dll . --------------- FCopy --------------- c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys . ((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 ))))))))))))))))))))))))))))))) . 2010-04-03 06:48 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2010-04-03 06:48 . 2003-03-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2010-03-20 09:06 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06 . 2010-03-30 06:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-20 09:06 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-10 10:48 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-03-05 04:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-03-05 04:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-03-05 04:10 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-03-05 04:10 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-03-05 04:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-03-05 04:10 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-03-05 04:10 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-03-05 04:10 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\program files\Alwil Software 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-03 06:55 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-04-03 06:55 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-04-03 06:47 . 2008-09-30 00:21 -------- d-----w- c:\documents and settings\Justin K\Application Data\uTorrent 2010-04-02 21:30 . 2008-09-30 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-03-26 06:45 . 2009-07-13 21:19 -------- d-----w- c:\documents and settings\Justin K\Application Data\vlc 2010-03-23 01:27 . 2008-09-29 22:42 -------- d-----w- c:\program files\CCleaner 2010-03-12 23:46 . 2010-01-08 20:54 -------- d-----w- c:\program files\SpeedFan 2010-03-10 18:26 . 2008-09-29 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-08 19:25 . 2009-02-14 23:20 -------- d-----w- c:\documents and settings\Justin K\Application Data\CoreFTP 2010-03-05 01:37 . 2008-10-18 02:52 -------- d-----w- c:\program files\Coupons 2010-02-27 05:15 . 2008-09-29 22:11 365768 ----a-w- c:\documents and settings\Justin K\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-27 03:59 . 2010-02-27 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2010-02-27 03:59 . 2008-09-29 21:14 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-27 03:58 . 2010-02-27 03:58 -------- d-----w- c:\program files\SmartSound Software 2010-02-27 03:56 . 2008-10-17 01:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-27 03:53 . 2010-02-27 03:55 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:53 . 2010-02-27 03:55 116472 ------w- c:\windows\system32\pxcpyi64.exe 2010-02-25 06:24 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 00:31 . 2008-09-30 06:26 -------- d-----w- c:\program files\AVG 2010-02-07 21:54 . 2010-02-07 21:54 -------- d-----w- c:\documents and settings\Justin K\Application Data\LEAPS 2010-02-07 21:51 . 2010-02-07 21:51 -------- d-----w- c:\program files\Pegasys Inc 2010-02-07 21:29 . 2010-02-07 21:29 -------- d-----w- c:\documents and settings\Justin K\Application Data\Pegasys Inc 2010-02-07 21:02 . 2010-02-07 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-07 20:33 . 2010-02-07 20:33 -------- d-----w- c:\documents and settings\Justin K\Application Data\Panasonic 2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\program files\Panasonic 2010-02-07 20:24 . 2008-09-29 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\documents and settings\Justin K\Application Data\HandBrake 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\program files\Handbrake 2010-02-05 09:47 . 2008-09-30 07:42 -------- d-----w- c:\documents and settings\Justin K\Application Data\foobar2000 2010-02-04 06:00 . 2010-02-04 06:00 -------- d-----w- c:\documents and settings\Justin K\Application Data\QuosaDDM 2010-02-02 18:00 . 2010-02-07 21:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2003-06-20 24576] "AsioReg"="CTASIO.DLL" [2003-06-20 118784] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-29 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-07-04 21:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] 2002-10-15 23:00 1818624 ----a-w- c:\windows\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] 2003-06-18 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] 2003-07-02 15:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-17 07:49 133104 ----atw- c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-10-26 06:37 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/4/2010 11:10 PM 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/4/2010 11:10 PM 19024] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/28/2008 3:35 PM 19016] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/18/2008 1:02 AM 717296] . Contents of the 'Scheduled Tasks' folder 2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-839522115-725345543-1004.job - c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 07:49] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Justin K\Application Data\Mozilla\Firefox\Profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\documents and settings\Justin K\Application Data\Move Networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-03 01:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(552) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(3784) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2010-04-03 02:05:45 - machine was rebooted ComboFix-quarantined-files.txt 2010-04-03 07:05 ComboFix2.txt 2010-03-30 06:36 Pre-Run: 95,391,637,504 bytes free Post-Run: 95,357,800,448 bytes free - - End Of File - - EF208EB1BFE4609D882EA912C66E0DA7 DDS (Ver_10-03-17.01) - NTFSx86 Run by Justin K at 2:10:57.60 on Sat 04/03/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.565 [GMT -5:00] AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Justin K\My Documents\mb\dds.scr ============== Pseudo HJT Report =============== BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll mRun: [CTHelper] CTHELPER.EXE mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: aol.com\free DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\documents and settings\justin k\application data\move networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\justin k\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-4 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-4 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2008-9-28 19016] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] =============== Created Last 30 ================ 2010-04-03 06:48:26 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2010-04-03 06:48:26 4224 ------w- c:\windows\system32\drivers\beep.sys 2010-03-23 22:00:58 0 d-sha-r- C:\cmdcons 2010-03-23 21:59:40 98816 ----a-w- c:\windows\sed.exe 2010-03-23 21:59:40 77312 ----a-w- c:\windows\MBR.exe 2010-03-23 21:59:40 261632 ----a-w- c:\windows\PEV.exe 2010-03-23 21:59:40 161792 ----a-w- c:\windows\SWREG.exe 2010-03-23 21:53:44 20 ----a-w- c:\documents and settings\justin k\defogger_reenable 2010-03-20 09:06:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-20 09:06:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-10 10:48:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software ==================== Find3M ==================== 2010-02-27 03:53:34 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:53:34 116472 ------w- c:\windows\system32\pxcpyi64.exe 2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll 2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2008-09-30 18:47:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat ============= FINISH: 2:11:07.89 ===============

Hello, I've never used HijackThis. Can you give me a link to download it? I don't think I've made any changes too recently. I know a long time ago (a year maybe? quite a while) Malwarebytes found something with the "beep" file and removed it. Not sure if that has anything to do with what you're concerned about, though.

It worked! Thanks! ComboFix ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 ))))))))))))))))))))))))))))))) . 2010-03-20 09:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06 . 2010-03-20 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-20 09:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-10 10:48 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-03-05 04:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-03-05 04:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-03-05 04:10 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-03-05 04:10 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-03-05 04:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-03-05 04:10 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-03-05 04:10 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-03-05 04:10 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\program files\Alwil Software 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-30 06:26 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-03-30 06:26 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-03-29 22:58 . 2008-09-30 00:21 -------- d-----w- c:\documents and settings\Justin K\Application Data\uTorrent 2010-03-26 06:45 . 2009-07-13 21:19 -------- d-----w- c:\documents and settings\Justin K\Application Data\vlc 2010-03-23 01:27 . 2008-09-29 22:42 -------- d-----w- c:\program files\CCleaner 2010-03-12 23:46 . 2010-01-08 20:54 -------- d-----w- c:\program files\SpeedFan 2010-03-10 18:26 . 2008-09-29 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-10 00:48 . 2008-09-30 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-03-08 19:25 . 2009-02-14 23:20 -------- d-----w- c:\documents and settings\Justin K\Application Data\CoreFTP 2010-03-05 01:37 . 2008-10-18 02:52 -------- d-----w- c:\program files\Coupons 2010-02-27 05:15 . 2008-09-29 22:11 365768 ----a-w- c:\documents and settings\Justin K\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-27 03:59 . 2010-02-27 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2010-02-27 03:59 . 2008-09-29 21:14 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-27 03:58 . 2010-02-27 03:58 -------- d-----w- c:\program files\SmartSound Software 2010-02-27 03:56 . 2008-10-17 01:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-27 03:53 . 2010-02-27 03:55 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:53 . 2010-02-27 03:55 116472 ------w- c:\windows\system32\pxcpyi64.exe 2010-02-23 00:31 . 2008-09-30 06:26 -------- d-----w- c:\program files\AVG 2010-02-07 21:54 . 2010-02-07 21:54 -------- d-----w- c:\documents and settings\Justin K\Application Data\LEAPS 2010-02-07 21:51 . 2010-02-07 21:51 -------- d-----w- c:\program files\Pegasys Inc 2010-02-07 21:29 . 2010-02-07 21:29 -------- d-----w- c:\documents and settings\Justin K\Application Data\Pegasys Inc 2010-02-07 21:02 . 2010-02-07 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-07 20:33 . 2010-02-07 20:33 -------- d-----w- c:\documents and settings\Justin K\Application Data\Panasonic 2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\program files\Panasonic 2010-02-07 20:24 . 2008-09-29 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\documents and settings\Justin K\Application Data\HandBrake 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\program files\Handbrake 2010-02-05 09:47 . 2008-09-30 07:42 -------- d-----w- c:\documents and settings\Justin K\Application Data\foobar2000 2010-02-04 06:00 . 2010-02-04 06:00 -------- d-----w- c:\documents and settings\Justin K\Application Data\QuosaDDM 2010-02-02 18:00 . 2010-02-07 21:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-30 02:38 . 2010-01-30 02:20 -------- d-----w- c:\documents and settings\Justin K\Application Data\ArcSoft 2010-01-30 02:28 . 2010-01-30 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft 2010-01-30 02:20 . 2010-01-30 02:20 -------- d-----w- c:\program files\Common Files\ArcSoft 2010-01-30 02:20 . 2010-01-30 02:20 -------- d-----w- c:\program files\ArcSoft 2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ------- Sigcheck ------- [7] 2003-03-31 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys c:\windows\System32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2003-06-20 24576] "AsioReg"="CTASIO.DLL" [2003-06-20 118784] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-29 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-07-04 21:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] 2002-10-15 23:00 1818624 ----a-w- c:\windows\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] 2003-06-18 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] 2003-07-02 15:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-17 07:49 133104 ----atw- c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-10-26 06:37 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/4/2010 11:10 PM 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/4/2010 11:10 PM 19024] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/28/2008 3:35 PM 19016] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/20/2010 4:06 AM 38224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/18/2008 1:02 AM 717296] . Contents of the 'Scheduled Tasks' folder 2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-839522115-725345543-1004.job - c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 07:49] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Justin K\Application Data\Mozilla\Firefox\Profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\documents and settings\Justin K\Application Data\Move Networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-30 01:28 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(552) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(984) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2010-03-30 01:36:04 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-30 06:36 Pre-Run: 101,159,624,704 bytes free Post-Run: 101,127,028,736 bytes free DDS (Ver_10-03-17.01) - NTFSx86 Run by Justin K at 1:53:11.98 on Tue 03/30/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.566 [GMT -5:00] AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Justin K\My Documents\mb\dds.scr ============== Pseudo HJT Report =============== BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll mRun: [CTHelper] CTHELPER.EXE mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: aol.com\free DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\documents and settings\justin k\application data\move networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\justin k\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-4 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-4 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2008-9-28 19016] =============== Created Last 30 ================ 2010-03-30 06:40:52 699904 ----a-w- c:\windows\isRS-000.tmp 2010-03-23 22:00:58 0 d-sha-r- C:\cmdcons 2010-03-23 21:59:40 98816 ----a-w- c:\windows\sed.exe 2010-03-23 21:59:40 77312 ----a-w- c:\windows\MBR.exe 2010-03-23 21:59:40 261632 ----a-w- c:\windows\PEV.exe 2010-03-23 21:59:40 161792 ----a-w- c:\windows\SWREG.exe 2010-03-23 21:53:44 20 ----a-w- c:\documents and settings\justin k\defogger_reenable 2010-03-20 09:06:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-20 09:06:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-10 10:48:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software ==================== Find3M ==================== 2010-02-27 03:53:34 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:53:34 116472 ------w- c:\windows\system32\pxcpyi64.exe 2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2008-09-30 18:47:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat ============= FINISH: 1:53:38.12 ===============

Unfortunately, it's still the same. (I just tried it and it froze after 27 seconds.)

ComboFix 10-03-23.03 - Justin K 03/23/2010 17:04:05.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.595 [GMT -5:00] Running from: c:\documents and settings\Justin K\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Justin K\Desktop\CFScript.txt AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Thumbs.db c:\windows\COUPON~1.OCX c:\windows\CouponPrinter.ocx c:\windows\eSellerateEngine.dll c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 ))))))))))))))))))))))))))))))) . 2010-03-20 09:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06 . 2010-03-20 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-20 09:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-15 01:30 . 2010-03-19 06:30 -------- d-----w- C:\robin luke 2010-03-10 10:48 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-03-05 04:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-03-05 04:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-03-05 04:10 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-03-05 04:10 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-03-05 04:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-03-05 04:10 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-03-05 04:10 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-03-05 04:10 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\program files\Alwil Software 2010-03-05 04:10 . 2010-03-05 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-02-27 03:58 . 2010-02-27 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2010-02-27 03:58 . 2010-02-27 03:58 -------- d-----w- c:\program files\SmartSound Software 2010-02-27 03:55 . 2010-02-27 03:53 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:55 . 2010-02-27 03:53 116472 ------w- c:\windows\system32\pxcpyi64.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-23 22:08 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-03-23 22:08 . 2008-09-29 21:30 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000E-00001102-00000004-20021102}.dat 2010-03-23 21:54 . 2008-09-30 00:21 -------- d-----w- c:\documents and settings\Justin K\Application Data\uTorrent 2010-03-23 01:27 . 2008-09-29 22:42 -------- d-----w- c:\program files\CCleaner 2010-03-12 23:46 . 2010-01-08 20:54 -------- d-----w- c:\program files\SpeedFan 2010-03-10 18:26 . 2008-09-29 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-10 00:48 . 2008-09-30 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-03-08 19:25 . 2009-02-14 23:20 -------- d-----w- c:\documents and settings\Justin K\Application Data\CoreFTP 2010-03-05 01:37 . 2008-10-18 02:52 -------- d-----w- c:\program files\Coupons 2010-02-27 05:15 . 2008-09-29 22:11 365768 ----a-w- c:\documents and settings\Justin K\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-27 03:59 . 2008-09-29 21:14 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-27 03:56 . 2008-10-17 01:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-23 00:31 . 2008-09-30 06:26 -------- d-----w- c:\program files\AVG 2010-02-07 21:54 . 2010-02-07 21:54 -------- d-----w- c:\documents and settings\Justin K\Application Data\LEAPS 2010-02-07 21:51 . 2010-02-07 21:51 -------- d-----w- c:\program files\Pegasys Inc 2010-02-07 21:29 . 2010-02-07 21:29 -------- d-----w- c:\documents and settings\Justin K\Application Data\Pegasys Inc 2010-02-07 21:02 . 2010-02-07 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-07 20:33 . 2010-02-07 20:33 -------- d-----w- c:\documents and settings\Justin K\Application Data\Panasonic 2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\program files\Panasonic 2010-02-07 20:24 . 2008-09-29 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\documents and settings\Justin K\Application Data\HandBrake 2010-02-07 11:48 . 2010-02-07 11:48 -------- d-----w- c:\program files\Handbrake 2010-02-05 09:47 . 2008-09-30 07:42 -------- d-----w- c:\documents and settings\Justin K\Application Data\foobar2000 2010-02-04 06:00 . 2010-02-04 06:00 -------- d-----w- c:\documents and settings\Justin K\Application Data\QuosaDDM 2010-02-02 18:00 . 2010-02-07 21:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-30 02:38 . 2010-01-30 02:20 -------- d-----w- c:\documents and settings\Justin K\Application Data\ArcSoft 2010-01-30 02:28 . 2010-01-30 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft 2010-01-30 02:20 . 2010-01-30 02:20 -------- d-----w- c:\program files\Common Files\ArcSoft 2010-01-30 02:20 . 2010-01-30 02:20 -------- d-----w- c:\program files\ArcSoft 2010-01-18 15:47 . 2010-01-18 15:47 144160 ----a-w- c:\documents and settings\Justin K\Application Data\Move Networks\uninstall.exe 2010-01-18 15:47 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Justin K\Application Data\Move Networks\plugins\npqmp071505000011.dll 2010-01-18 15:47 . 2010-01-18 15:46 1438976 ----a-w- c:\documents and settings\Justin K\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe 2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ------- Sigcheck ------- [7] 2003-03-31 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys c:\windows\System32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2003-06-20 24576] "AsioReg"="CTASIO.DLL" [2003-06-20 118784] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "EPSON Stylus Photo RX580"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-29 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-07-04 21:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] 2002-10-15 23:00 1818624 ----a-w- c:\windows\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] 2003-06-18 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] 2003-07-02 15:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-17 07:49 133104 ----atw- c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-10-26 06:37 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/4/2010 11:10 PM 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/4/2010 11:10 PM 19024] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/28/2008 3:35 PM 19016] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/20/2010 4:06 AM 38224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/18/2008 1:02 AM 717296] . Contents of the 'Scheduled Tasks' folder 2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-839522115-725345543-1004.job - c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 07:49] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Justin K\Application Data\Mozilla\Firefox\Profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\documents and settings\Justin K\Application Data\Move Networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\Justin K\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-23 17:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(552) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2804) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\windows\system32\bgsvcgen.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\system32\wdfmgr.exe . ************************************************************************** . Completion time: 2010-03-23 17:17:39 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-23 22:17 Pre-Run: 90,898,595,840 bytes free Post-Run: 90,865,012,736 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 1A354709B5DAAADC401300FCD55E66E2 DDS (Ver_10-03-17.01) - NTFSx86 Run by Justin K at 17:20:38.09 on Tue 03/23/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.650 [GMT -5:00] AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Justin K\Desktop\dds.scr ============== Pseudo HJT Report =============== BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll mRun: [CTHelper] CTHELPER.EXE mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [EPSON Stylus Photo RX580] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX580" /O5 "LPT1:" /M "Stylus Photo RX500" mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: aol.com\free DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\l53d1i86.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-4 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-4 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2008-9-28 19016] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 40384] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-20 38224] =============== Created Last 30 ================ 2010-03-23 22:00:58 0 d-sha-r- C:\cmdcons 2010-03-23 21:59:40 98816 ----a-w- c:\windows\sed.exe 2010-03-23 21:59:40 77312 ----a-w- c:\windows\MBR.exe 2010-03-23 21:59:40 261632 ----a-w- c:\windows\PEV.exe 2010-03-23 21:59:40 161792 ----a-w- c:\windows\SWREG.exe 2010-03-23 21:53:44 20 ----a-w- c:\documents and settings\justin k\defogger_reenable 2010-03-20 09:06:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-20 09:06:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-20 09:06:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-15 01:30:04 0 d-----w- C:\robin luke 2010-03-10 10:48:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-05 04:10:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-02-27 03:58:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc 2010-02-27 03:58:20 0 d-----w- c:\program files\SmartSound Software 2010-02-27 03:55:06 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-02-27 03:55:06 116472 ------w- c:\windows\system32\pxcpyi64.exe ==================== Find3M ==================== 2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2008-09-30 18:47:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat ============= FINISH: 17:20:48.59 ===============

Well, it wouldn't work after restarting the computer. Do I just end the spoolsv.exe process anytime i need to scan?

It worked!

I do. No one ever responded!

Yeah, disabling Diskeeper didn't work, so I followed your instructions and made a new post with my logs. Thanks for the help!

I was instructed by exile360 to follow some instructions and post here. My problem is that after updating Malwarebytes a few days ago, my scans freeze anywhere between 25 and a minute into the scan. The program just becomes unresponsive. Here is my DDS log (I don't have any Malwarebytes logs because the program never finishes scanning): DDS (Ver_09-12-01.01) - NTFSx86 Run by Justin K at 17:17:10.98 on Thu 01/07/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -6:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Justin K\Desktop\dds.scr ============== Pseudo HJT Report =============== BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [EPSON Stylus Photo RX580] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\windows\temp\E_S93.tmp" /EF "HKCU" mRun: [CTHelper] CTHELPER.EXE mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [EPSON Stylus Photo RX580] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX580" /O5 "LPT1:" /M "Stylus Photo RX500" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: aol.com\free DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\l53d1i86.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\documents and settings\justin k\application data\mozilla\firefox\profiles\l53d1i86.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\documents and settings\justin k\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-30 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-30 27784] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 297752] R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2008-9-28 19016] S3 Ctn78u2vca;Ctn78u2vca; [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-2 38224] =============== Created Last 30 ================ 2010-01-07 23:13:10 20 ----a-w- c:\documents and settings\justin k\defogger_reenable 2010-01-05 21:36:56 0 d-----w- C:\VINCENT 2010-01-02 19:48:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-02 19:48:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-02 19:48:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware ==================== Find3M ==================== 2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll 2008-09-30 18:47:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat ============= FINISH: 17:17:40.67 =============== AttachAndArk.zip

Also, thanks for taking the time to help!