Ran ComboFix and rebooted. Avast came up with a message about a suspicious file called "asyncmac.sys", which I deleted. Here are the results of ComboFix:
ComboFix 11-05-17.01 - Morey Gottesman 05/17/2011 19:59:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1376 [GMT -4]
Running from: c:\documents and settings\Morey Gottesman\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Morey Gottesman\2gweorjqjutp92vjy9gake
c:\documents and settings\Morey Gottesman\Application Data\Adobe\plugs
c:\documents and settings\Morey Gottesman\Application Data\Adobe\shed
c:\documents and settings\Morey Gottesman\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Morey Gottesman\Local Settings\Application Data\{478EB161-C959-47A1-B1BB-4F54CAC67C69}
c:\documents and settings\Morey Gottesman\Local Settings\Application Data\{478EB161-C959-47A1-B1BB-4F54CAC67C69}\chrome.manifest
c:\documents and settings\Morey Gottesman\Local Settings\Application Data\{478EB161-C959-47A1-B1BB-4F54CAC67C69}\chrome\content\_cfg.js
c:\documents and settings\Morey Gottesman\Local Settings\Application Data\{478EB161-C959-47A1-B1BB-4F54CAC67C69}\chrome\content\overlay.xul
c:\documents and settings\Morey Gottesman\Local Settings\Application Data\{478EB161-C959-47A1-B1BB-4F54CAC67C69}\install.rdf
c:\documents and settings\Morey Gottesman\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-15 01:38 . 2011-05-15 01:38 -------- d-----w- c:\documents and settings\Morey Gottesman\Application Data\Malwarebytes
2011-05-15 01:37 . 2011-05-15 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-15 01:37 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 01:37 . 2011-05-15 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 01:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 01:12 . 2011-05-15 01:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-13 05:56 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4F39A259-557B-478E-A041-39814835BF23}\mpengine.dll
2011-05-13 02:45 . 2011-05-13 02:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-04-17 15:11 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-25 16:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2008-04-25 16:16 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-25 16:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-25 16:16 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-06-14 00:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-05-12 10:19 . 2011-04-16 11:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Custom Skin Clock"="c:\program files\Custom Skin Clock\Clock.exe" [2008-01-30 712704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-3 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-05-07 19:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Morey Gottesman\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/22/2010 5:12 PM 294608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2010 5:12 PM 17744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/3/2009 3:30 PM 10384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-05-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: epiphone.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Morey Gottesman\Application Data\Mozilla\Firefox\Profiles\no7clpoj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Bsiku - c:\windows\isakujikapakuka.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-05-17 20:05:22
ComboFix-quarantined-files.txt 2011-05-18 00:05
.
Pre-Run: 200,318,906,368 bytes free
Post-Run: 200,828,006,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8E05EA05F307C8F77B383BC2A41FFC5F