You are so kind to spend your time doing this helping!
ComboFix log embedded below.
DDS worked and is attached. I could not figure out how to zip the attached file, so I just saved it as a txt document. If you give me instructions on how to zip it, then I will do so if necessary.
Thanks for your help.
ComboFix 10-08-12.03 - Liz 08/13/2010 16:56:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.176 [GMT -7:00]
Running from: c:\documents and settings\Liz\My Documents\Downloads\bbcoachrobFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Liz\Recent\Thumbs.db
C:\LOG19.tmp
C:\LOG3.tmp
C:\LOG51.tmp
C:\LOG57.tmp
C:\LOG6.tmp
C:\LOG8.tmp
C:\LOGC3.tmp
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.
2010-08-10 04:09 . 2010-08-10 03:50 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-10 03:48 . 2010-08-12 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-10 03:39 . 2010-08-10 03:39 -------- d-----w- c:\documents and settings\Liz\Application Data\Malwarebytes
2010-08-10 03:39 . 2010-08-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 03:39 . 2010-08-13 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 23:39 . 2010-08-08 23:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-08 23:39 . 2010-08-12 20:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 17:52 . 2010-08-08 18:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-06 16:59 . 2010-08-06 16:59 503808 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4b190802-n\msvcp71.dll
2010-08-06 16:59 . 2010-08-06 16:59 499712 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4b190802-n\jmc.dll
2010-08-06 16:59 . 2010-08-06 16:59 348160 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4b190802-n\msvcr71.dll
2010-08-06 16:59 . 2010-08-06 16:59 12800 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2d02c30a-n\decora-d3d.dll
2010-08-06 16:59 . 2010-08-06 16:59 61440 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2d02c30a-n\decora-sse.dll
2010-08-04 05:24 . 2010-08-04 05:24 -------- d-----w- c:\documents and settings\Liz\Application Data\Lexmark Productivity Studio
2010-08-04 05:22 . 2010-08-04 05:22 -------- d-----w- c:\program files\Lexmark Toolbar
2010-08-04 04:58 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-04 04:58 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-04 04:58 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-04 04:58 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-08-04 04:58 . 2007-01-24 02:40 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2010-08-04 04:58 . 2007-01-10 00:13 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2010-08-04 04:58 . 2006-10-07 00:08 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2010-07-30 02:25 . 2010-07-30 02:25 -------- d-----w- c:\documents and settings\Liz\Local Settings\Application Data\tjnet
2010-07-29 01:46 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Liz\Application Data\mjusbsp\in00000\setup.exe
2010-07-29 01:46 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Liz\Application Data\mjusbsp\ar00000\install.exe
2010-07-29 00:22 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Liz\Application Data\mjusbsp\Upgrade\setup1.exe
2010-07-29 00:22 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Liz\Application Data\mjusbsp\Upgrade\install1.exe
2010-07-29 00:21 . 2010-08-08 06:39 -------- d-----w- c:\documents and settings\Liz\Application Data\mjusbsp
2010-07-19 04:28 . 2010-07-19 04:28 2605008 ----a-w- c:\documents and settings\Liz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 18:49 . 2010-06-25 18:35 -------- d-----w- c:\program files\Lx_cats
2010-08-13 16:10 . 2010-06-16 19:36 -------- d-----w- c:\documents and settings\Liz\Application Data\U3
2010-08-12 22:27 . 2003-09-17 16:42 1 ----a-w- c:\documents and settings\Liz\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-12 17:58 . 2010-08-12 17:22 1312 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-08-12 03:30 . 2010-08-12 03:27 6328 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-10 03:23 . 2008-03-16 18:26 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 03:21 . 2008-03-16 18:26 -------- d-----w- c:\program files\Java
2010-08-04 05:23 . 2010-06-25 18:35 -------- d-----w- c:\program files\Lexmark 2500 Series
2010-07-17 12:00 . 2003-09-17 16:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 23:21 . 2008-03-16 18:22 20664 ----a-w- c:\documents and settings\Liz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 02:06 . 2010-06-29 02:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 19:21 . 2010-06-25 19:21 -------- d-----w- c:\program files\MSBuild
2010-06-25 19:20 . 2010-06-25 19:20 -------- d-----w- c:\program files\Reference Assemblies
2010-06-25 19:00 . 2010-06-25 18:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-25 18:59 . 2010-06-25 18:59 -------- d-----w- c:\program files\Windows Media Components
2010-06-25 18:58 . 2010-06-25 18:57 -------- d-----w- c:\program files\Logitech
2010-06-25 18:58 . 2010-06-25 18:58 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2010-06-25 18:58 . 2008-03-16 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 17:59 . 2010-06-25 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-06-16 22:36 . 2008-03-16 18:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-16 18:25 . 2008-03-16 17:30 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-14 14:31 . 2008-03-16 17:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 23:58 . 2010-06-11 23:58 503808 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24f202de-n\msvcp71.dll
2010-06-11 23:58 . 2010-06-11 23:58 499712 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24f202de-n\jmc.dll
2010-06-11 23:58 . 2010-06-11 23:58 348160 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24f202de-n\msvcr71.dll
2010-06-11 23:58 . 2010-06-11 23:58 61440 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46987e93-n\decora-sse.dll
2010-06-11 23:58 . 2010-06-11 23:58 12800 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46987e93-n\decora-d3d.dll
2010-06-09 06:08 . 2003-09-17 10:26 2839904 -c--a-w- c:\documents and settings\All Users\Application Data\{B04ACE34-3217-4750-80C8-FF0526780A60}\UpdateMyDrivers.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2003-09-17 39408]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-06-25 16384]
"cdloader"="c:\documents and settings\Liz\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"Hcontrol"="c:\windows\Hcontrol.exe" [2002-01-08 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-07-06 291504]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-11 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-11 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-11 61440]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\Liz\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-6-25 169472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Documents and Settings\\Liz\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/11/2010 2:39 PM 135336]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/16/2008 2:19 AM 71961]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2003 5:10 AM 136176]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);c:\windows\system32\drivers\LVVIMULB.SYS [6/25/2010 12:00 PM 163328]
.
Contents of the 'Scheduled Tasks' folder
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2003-09-17 12:10]
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2003-09-17 12:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Liz\Application Data\Mozilla\Firefox\Profiles\spvmsmhd.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-13 17:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-13 17:05:06
ComboFix-quarantined-files.txt 2010-08-14 00:05
Pre-Run: 68,105,826,304 bytes free
Post-Run: 68,382,052,352 bytes free
- - End Of File - - 02E30BADF9D8E822F4AB2696AFFF373B