I'm having similar issues as others with installing Malwarebytes. It will never run no matter how I rename the file, and I also cannot go to any website that references Malwarebytes. I have looked in Device Manager for hidden devices and none of the suggestions show up. I have also run ComboFix and below are the results. This originally was brought to my attention when a program called Alpha Antivirus was somehow installed on the machine. As far as I can tell I have removed it and I can find no references to that program causing this.

ComboFix 09-10-27.07 - kdenbeste 10/28/2009 9:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1541 [GMT -4:00]
Running from: c:\documents and settings\Kim Den Beste\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1356 [VPS 091027-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACrnjnwyquva.dll
c:\windows\system32\UACymxnuuykds.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Legacy_UACD.SYS
-------\Service_NWCWorkstation
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 02:51 . 2009-10-28 02:51 -------- d-sh--w- c:\documents and settings\Administrator.KIM\IETldCache
2009-10-27 21:21 . 2009-10-27 21:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 15:14 . 2009-10-27 15:14 193040 ----a-w- c:\windows\system32\lastmon.dll
2009-10-27 15:10 . 2009-10-27 15:10 277007 ----a-w- c:\windows\system32\addefcebbeefeaaec.dll
2009-10-27 13:07 . 2009-10-27 13:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-24 20:17 . 2009-10-24 20:17 350208 ----a-w- c:\windows\system32\IEaddonscontrol.dll
2009-10-15 07:00 . 2009-10-15 07:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- c:\documents and settings\Kim Den Beste\Application Data\Office Genuine Advantage
2009-10-06 19:28 . 2009-10-06 18:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-06 18:21 . 2009-10-06 18:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-06 18:10 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-06 18:09 . 2009-10-06 18:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-06 18:09 . 2009-10-06 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-06 18:09 . 2009-10-06 18:09 -------- d-----w- c:\program files\Lavasoft
2009-10-06 18:00 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-06 18:00 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-06 18:00 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-06 18:00 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-06 18:00 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-06 18:00 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-06 18:00 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-06 17:59 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-06 17:59 . 2009-10-06 17:59 -------- d-----w- c:\program files\Alwil Software
2009-10-06 17:48 . 2009-10-06 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 17:48 . 2009-10-06 17:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 21:39 . 2009-10-02 21:39 45 ----a-w- c:\documents and settings\Kim Den Beste\jagex_runescape_preferences2.dat
2009-10-02 21:38 . 2009-10-02 22:22 38 ----a-w- c:\documents and settings\Kim Den Beste\jagex_runescape_preferences.dat
2009-10-02 21:37 . 2009-10-02 21:38 -------- d-----w- c:\windows\.jagex_cache_32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 22:00 . 2006-08-07 12:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 07:03 . 2007-08-21 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-25 22:34 . 2009-07-31 14:46 84432 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-22 21:15 . 2009-09-22 21:09 -------- d-----w- c:\program files\Google
2009-09-22 13:27 . 2009-09-22 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-20 17:55 . 2009-09-16 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-20 13:27 . 2009-09-20 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-17 22:22 . 2009-09-17 22:22 -------- d-----w- c:\program files\MapPuzzles
2009-09-16 21:40 . 2009-09-16 21:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-16 21:40 . 2009-09-16 21:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2008-12-13 19:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-12-13 19:35 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 18:20 . 2006-08-07 12:12 106608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2004-08-04 21:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 21:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-22 15:34 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-04 21:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 21:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 21:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 21:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-24 13:00 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-04-17 02:43 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 21:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-12-13 19:35 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2008-12-13 19:35 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-12-13 19:35 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
c:\documents and settings\Administrator.KIM\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
c:\documents and settings\aserrano\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
c:\documents and settings\__sbs_netsetup__\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\addefcebbeefeaaec]
2009-10-27 15:10 277007 ----a-w- c:\windows\system32\addefcebbeefeaaec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kim Den Beste^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=c:\documents and settings\Kim Den Beste\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\HPNetworkAssistant\\HPNetworkAssistant.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2009 2:10 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/6/2009 2:00 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/6/2009 2:00 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/27/2008 1:00 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/22/2009 5:09 PM 133104]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:10]
2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 21:09]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 21:09]
2009-10-25 c:\windows\Tasks\Norton Security Scan for kdenbeste.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-27 23:58]
2009-10-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=toolbar
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: trinityprep.org\webportal
Trusted Zone: yahoo.com\www
TCP: {6FF4182C-6FD6-41B3-98B8-E05C36184816} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Kim Den Beste\Application Data\Mozilla\Firefox\Profiles\6apdhr4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\Kim Den Beste\Application Data\Mozilla\Firefox\Profiles\6apdhr4j.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 09:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\addefcebbeefeaaec.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\combo-fix\CF3203.exe
c:\combo-fix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 9:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 13:23
Pre-Run: 82,383,810,560 bytes free
Post-Run: 82,340,265,984 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 26075FD5B19638F27C6B8EC656AF7523