my log attached



miamiwings
2010-09-18, 04:01
Please note, yesterday I downloaded Malwarebytes to remove Desktop Security 2010. I used the HijackThis log and then downloaded Malwarebytes; it didn't seem to work because I am still getting weird messages and getting redirected to other sites. Please help, thanks.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Liz at 20:43:53.10 on 2010-09-17
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.106 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Liz\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\7Y80G6B0\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.peoplestring.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [nwiz] NWIZ.EXE /install
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\liz\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: plaxo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.rcon.nl/activex/AMC.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://guckhin.serveftp.net/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-19 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-1 297752]
S3 AX88178;10/100 Gigabit USB2.0 Network Adapter;c:\windows\system32\drivers\ax88178.sys [2007-7-19 24192]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-23 29744]

=============== Created Last 30 ================

2010-09-17 02:40:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 02:40:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 02:40:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 01:33:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-17 00:16:34 0 d-----w- c:\docume~1\liz\applic~1\Desktop Security

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2007-07-27 12:28:27 2775032 ----a-w- c:\program files\AiRoboForm.exe
2008-06-23 03:55:36 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062220080623\index.dat
2008-08-03 11:56:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat

============= FINISH: 20:49:17.63 ===============

shelf life
2010-09-22, 01:20
hi miamiwings,

Your log is a few days old. If you still need help simply reply back.

miamiwings
2010-09-23, 23:38
Yes, I still need help. Thanks.

miamiwings
2010-09-23, 23:40
This log is from yesterday because I can't seem to get this darn computer to do much scanning.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Liz at 23:46:04.69 on 2010-09-22
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.161 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Liz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.peoplestring.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [nwiz] NWIZ.EXE /install
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\liz\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: plaxo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.rcon.nl/activex/AMC.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://guckhin.serveftp.net/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-19 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-1 297752]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe --start-service --> c:\program files\secunia\psi\sua.exe --start-service [?]
S3 AX88178;10/100 Gigabit USB2.0 Network Adapter;c:\windows\system32\drivers\ax88178.sys [2007-7-19 24192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-21 38224]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

=============== Created Last 30 ================

2010-09-23 03:39:18 0 ----a-w- c:\documents and settings\liz\defogger_reenable
2010-09-22 16:12:12 0 d-----w- c:\program files\iPod
2010-09-22 14:25:50 0 d-----w- c:\program files\Bonjour
2010-09-21 16:18:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 16:17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 03:16:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-21 03:16:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 23:28:21 0 d-----w- c:\program files\Secunia
2010-09-20 15:28:59 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-18 15:28:12 0 d-----w- c:\program files\Secunia(2)
2010-09-17 02:40:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 01:33:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 08:30:58 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys

==================== Find3M ====================

2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2007-07-27 12:28:27 2775032 ----a-w- c:\program files\AiRoboForm.exe
2008-06-23 03:55:36 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062220080623\index.dat
2008-08-03 11:56:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat

============= FINISH: 23:49:58.30 ===============

shelf life
2010-09-24, 00:28
OK. We will get another download to use. It's called ComboFix. There is a guide to read first. Read through the guide and apply the directions on your own machine. Post the ComboFix log.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

miamiwings
2010-09-24, 05:50
Here it is. Thanks, I also attached it.

ComboFix 10-09-23.01 - Liz 2010-09-23 21:47:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.144 [GMT -4:00]
Running from: c:\documents and settings\Liz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Liz\Application Data\EHEncrypt.dll
c:\documents and settings\Liz\Application Data\EHMD5.dll
c:\documents and settings\Liz\Application Data\EHZComp.dll
c:\documents and settings\Liz\Application Data\MBSEncryptPlugin3543.dll
c:\documents and settings\Liz\Application Data\MBSFolderitemsCreatePlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSFolderitemsPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSIconPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSMacOSXPlugin3545.dll
c:\documents and settings\Liz\Application Data\MBSMainPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSMemoryPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSPictureMacPlugin3552.dll
c:\documents and settings\Liz\Application Data\MBSPicturePlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSProcessPlugin3543.dll
c:\documents and settings\Liz\Application Data\MBSQTImporterPlugin3549.dll
c:\documents and settings\Liz\Application Data\MBSQuickTimePlugin3549.dll
c:\documents and settings\Liz\Application Data\MBSRectPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSRegistrationPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSRegistryPlugin3544.dll
c:\documents and settings\Liz\Application Data\MBSResPlugin3542.dll
c:\documents and settings\Liz\Application Data\MBSResStreamPlugin3552.dll
c:\documents and settings\Liz\Application Data\MBSUsernamePlugin3541.dll
c:\documents and settings\Liz\Application Data\MBSVersionPlugin3581.dll
c:\documents and settings\Liz\Application Data\MBSWinPlugin3544.dll
c:\documents and settings\Liz\Application Data\rbap450.dll
c:\documents and settings\Liz\Application Data\rbqt450.DLL
c:\documents and settings\Liz\Application Data\RBShell400.dll
c:\documents and settings\Liz\g2mdlhlpx.exe

Infected copy of c:\windows\system32\drivers\p3.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-22 16:12 . 2010-09-22 16:12 -------- d-----w- c:\program files\iPod
2010-09-22 15:19 . 2010-09-22 15:20 -------- d-----w- c:\program files\Apple Software Update
2010-09-22 14:25 . 2010-09-22 14:26 -------- d-----w- c:\program files\Bonjour
2010-09-21 16:18 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 16:17 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 03:16 . 2010-09-21 03:15 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 23:29 . 2010-09-20 23:29 -------- d-----w- c:\documents and settings\Liz\Local Settings\Application Data\Secunia PSI
2010-09-20 23:28 . 2010-09-20 23:28 -------- d-----w- c:\program files\Secunia
2010-09-20 15:28 . 2010-09-20 15:28 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-18 15:28 . 2010-09-20 15:27 -------- d-----w- c:\program files\Secunia(2)
2010-09-18 00:39 . 2010-09-20 15:27 -------- d-----w- c:\program files\ERUNT
2010-09-17 12:31 . 2010-09-17 12:31 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Apple Computer
2010-09-17 02:40 . 2010-09-21 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 01:33 . 2010-09-22 15:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-01 08:30 . 2010-09-01 08:30 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 01:41 . 2009-06-12 13:50 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-22 16:16 . 2010-05-10 22:13 -------- d-----w- c:\program files\iTunes
2010-09-22 16:12 . 2008-06-01 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-09-21 23:49 . 2007-07-20 01:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 22:49 . 2008-01-22 17:56 -------- d-----w- c:\program files\Yahoo!
2010-09-21 19:00 . 2007-09-23 12:31 -------- d-----w- c:\program files\Google
2010-09-21 03:17 . 2010-09-21 03:17 503808 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f600130-n\msvcp71.dll
2010-09-21 03:17 . 2010-09-21 03:17 499712 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f600130-n\jmc.dll
2010-09-21 03:17 . 2010-09-21 03:17 348160 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f600130-n\msvcr71.dll
2010-09-21 03:17 . 2010-09-21 03:17 61440 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d805fa0-n\decora-sse.dll
2010-09-21 03:17 . 2010-09-21 03:17 12800 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d805fa0-n\decora-d3d.dll
2010-09-21 02:55 . 2010-09-20 23:51 79488 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-09-21 02:54 . 2010-09-20 23:51 152576 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-09-21 01:37 . 2007-07-30 18:59 -------- d-----w- c:\program files\Common Files\Java
2010-09-20 17:33 . 2007-09-04 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-19 17:11 . 2008-02-18 13:32 -------- d-----w- c:\documents and settings\Liz\Application Data\WinPatrol
2010-09-01 13:12 . 2010-09-01 13:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-12 23:38 . 2007-07-28 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 16:13 . 2009-07-07 12:08 -------- d-----w- c:\program files\CCleaner
2010-08-10 12:38 . 2008-08-01 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-01 16:08 . 2010-08-01 16:08 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 00:10 . 2010-06-30 00:10 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2007-07-27 12:28 . 2007-07-27 12:28 2775032 ----a-w- c:\program files\AiRoboForm.exe
2008-09-11 15:58 . 2008-09-11 15:59 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-10 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-10 2048352]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-09-21 329096]
"nwiz"="NWIZ.EXE" [2003-07-28 323584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Liz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-9-1 1333304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-01 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-01 297752]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe --start-service --> c:\program files\Secunia\PSI\sua.exe --start-service [?]
S3 AX88178;10/100 Gigabit USB2.0 Network Adapter;c:\windows\system32\drivers\ax88178.sys [2007-07-19 1:41 PM 24192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-09-21 38224]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 4:30 AM 15544]
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-04 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.peoplestring.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: plaxo.com\www
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://guckhin.serveftp.net/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 22:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-23 22:32:33
ComboFix-quarantined-files.txt 2010-09-24 02:32

Pre-Run: 13,827,420,160 bytes free
Post-Run: 14,153,302,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 782FDB8B431E1D5CFEB97BD8894CE224

shelf life
2010-09-25, 00:35
hi,

Ok good. Must be better now. Please check malwarebytes for updates then do a full scan with it.

miamiwings
2010-09-25, 06:42
My computer seems to be running a lot smoother.

I started the malwarebytes scan and had to pause. There were 2 problems in the first scan, Trojan.Vundo. I continued and it seems to be OK. Should I post the malwarebytes logs?
One thing that seems persistent is that when I open a flyout or pulldown menu, they never seem to want to go back. It also takes forever to open internet explorer to my home page.
thanks for all your help.

miamiwings
2010-09-25, 16:47
This morning's scan with AVG noted three virus infections on my computer,
I cut and pasted. These were found after running combofix last night

"Infection";"Trojan horse PSW.Generic8.UMU";"C:\System Volume Information\_restore{2AB0D49D-DD08-422D-8AE3-2C3A9B4FFA5E}\RP1184\A0268205.dll";"";"9/25/2010, 6:24:17 AM"

"Infection";"Trojan horse Generic19.WRI";"C:\System Volume Information\_restore{2AB0D49D-DD08-422D-8AE3-2C3A9B4FFA5E}\RP1184\A0268099.dll";"";"9/25/2010, 6:23:02 AM"

"Infection";"Virus identified Win32/Patched.DX";"C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\p3.sys.vir";"";"9/25/2010, 6:04:11 AM"
please help. thanks

miamiwings
2010-09-25, 16:49
In my previous post, I meant to write "after running malwarebytes", not combofix. Sorry.

shelf life
2010-09-25, 18:41
hi,

What AVG found: System Volume Information is the Windows restore point store, which we will clean out as a last step. Qoobox\Quarantine is ComboFix's quarantine folder.
Why don't you try disabling Spybot's TeaTimer for the slow browser issue:

* Go into Spybot > Mode > Advanced Mode > Tools > Resident.
  o Uncheck (if checked) the following:
    + Resident "SDHelper" (Internet Explorer bad download blocker) active.
    + Resident "TeaTimer" (Protection of over-all system settings) active.
* Exit and restart all Windows Explorer and Internet Explorer sessions.
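
The triage point made in this reply (a detection inside a restore point or a tool's quarantine folder is a dormant copy, not a live infection) is something a responder usually wants to apply to a whole AV export rather than eyeball line by line. The following is an added example, not code from the thread or from AVG; it parses the semicolon-delimited result lines the poster pasted (re-used here as constructed sample input) and buckets each finding by where the file lives. The field order (status, threat name, path, unused, timestamp) and the timestamp format are assumed from those three lines only.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample input: the three AVG result lines quoted earlier in the thread.
AVG_LOG = r'''"Infection";"Trojan horse PSW.Generic8.UMU";"C:\System Volume Information\_restore{2AB0D49D-DD08-422D-8AE3-2C3A9B4FFA5E}\RP1184\A0268205.dll";"";"9/25/2010, 6:24:17 AM"
"Infection";"Trojan horse Generic19.WRI";"C:\System Volume Information\_restore{2AB0D49D-DD08-422D-8AE3-2C3A9B4FFA5E}\RP1184\A0268099.dll";"";"9/25/2010, 6:23:02 AM"
"Infection";"Virus identified Win32/Patched.DX";"C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\p3.sys.vir";"";"9/25/2010, 6:04:11 AM"
'''


@dataclass
class Finding:
    status: str
    threat: str
    path: str
    detected_at: datetime
    location: str  # "restore_point", "quarantine" or "live"


def classify_path(path: str) -> str:
    """Bucket a detection by where the file sits on disk.

    Restore-point copies are cleared by the System Restore reset described
    later in the thread; quarantine copies are already neutralised by the tool
    that moved them. Everything else is a potentially live file and needs a look.
    """
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\qoobox\\quarantine\\" in p:  # ComboFix's quarantine folder
        return "quarantine"
    return "live"


def parse_avg_log(text: str) -> List[Finding]:
    """Parse AVG's semicolon-delimited, double-quoted result lines.

    Field order is assumed from the sample: status, threat, path, unused, timestamp.
    Malformed or short rows are skipped rather than raising.
    """
    findings: List[Finding] = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) < 5:
            continue
        status, threat, path, _unused, stamp = row[:5]
        detected_at = datetime.strptime(stamp, "%m/%d/%Y, %I:%M:%S %p")
        findings.append(Finding(status, threat, path, detected_at, classify_path(path)))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings so the 'live' bucket can be reviewed first."""
    summary: Dict[str, List[Finding]] = {"restore_point": [], "quarantine": [], "live": []}
    for f in findings:
        summary[f.location].append(f)
    return summary


if __name__ == "__main__":
    groups = triage(parse_avg_log(AVG_LOG))
    for location, items in groups.items():
        print(f"{location}: {len(items)}")
        for f in items:
            print(f"  {f.detected_at:%Y-%m-%d %H:%M:%S}  {f.threat}  {f.path}")
```

Run against the sample, the two restore-point hits and the one quarantine hit land in their own buckets and the "live" bucket is empty, which is exactly the conclusion the reply above draws by hand. The path matching is deliberately on lowercase substrings so it also catches drive letters other than C: and mixed-case paths, but it is only as good as the list of known holding folders; a quarantine directory from another tool would show up as "live" and should be added to classify_path.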

miamiwings
2010-09-27, 05:36
I reset spybot, restarted computer, windows, etc. It seems a little better. I thank you a lot for your help. Is there anything else I should do, uninstall? You have made my day, in fact, my week.

shelf life
2010-09-29, 01:07
ok good. You can remove combofix like this:

start>run and type in:
combofix /uninstall
click ok or enter
Note the space after the x and before the /

Note the free version of malwarebytes must be updated manually and a scan started manually. It's good practice to keep it updated even if you don't scan that much with it.

You can make a new restore point, the how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

I made your week, that's good. Happy safe surfing out there.