
Malwarebytes not getting rid of threats



After running Malwarebytes it found 34 threats and got rid of all but 3. I've since run it approximately ten times and it still says it found these three threats. I downloaded ComboFix and I'm still having this problem. Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.41

Database version: 3253

Windows 5.1.2600 Service Pack 3

2009-11-29 13:21:44

mbam-log-2009-11-29 (13-21-44).txt

Scan type: Quick Scan

Objects scanned: 116127

Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\All Users\Documents\lyfyjota._sy (Rogue.AntiVirusPro) -> Delete on reboot.

C:\Documents and Settings\All Users\Documents\ezibazacov.bin (Rogue.AntiVirusPro) -> Delete on reboot.

C:\Documents and Settings\All Users\Documents\editopit.db (Rogue.AntiVirusPro) -> Delete on reboot.

And here is the ComboFix log:

ComboFix 09-11-29.01 - Barry 2009-11-29 13:54.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.98 [GMT -5:00]

Running from: c:\documents and settings\Barry\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))

.

2009-11-22 23:48 . 2009-11-22 23:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-11-22 23:48 . 2009-11-29 17:14 -------- d-----w- c:\documents and settings\Barry\Application Data\skypePM

2009-11-22 23:45 . 2009-11-29 19:27 -------- d-----w- c:\documents and settings\Barry\Application Data\Skype

2009-11-22 23:44 . 2009-11-22 23:44 -------- d-----w- c:\program files\tbh

2009-11-22 23:42 . 2009-11-22 23:42 -------- d-----w- c:\program files\Common Files\Skype

2009-11-22 23:42 . 2009-11-22 23:43 -------- d-----r- c:\program files\Skype

2009-11-22 23:42 . 2009-11-22 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-11-22 18:59 . 2009-11-22 18:59 152576 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-22 18:58 . 2009-11-22 18:58 79488 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-18 01:43 . 2009-11-18 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

2009-11-18 01:40 . 2009-11-18 01:40 -------- d-----w- c:\program files\iPod

2009-11-18 01:39 . 2009-11-18 01:41 -------- d-----w- c:\program files\iTunes

2009-11-18 01:28 . 2009-11-18 01:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-05 20:49 . 2009-11-05 20:50 -------- d-----w- c:\program files\Common Files\COWON

2009-11-05 20:49 . 2009-11-05 20:50 -------- d-----w- c:\program files\JetAudio

2009-11-05 20:46 . 2009-11-05 20:46 -------- d-----w- c:\documents and settings\Barry\Application Data\InstallShield

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-29 02:01 . 2008-11-28 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-29 02:01 . 2009-03-08 18:17 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-11-25 23:21 . 2008-10-09 20:16 -------- d-----w- c:\program files\McAfee

2009-11-22 19:03 . 2009-03-17 19:50 -------- d-----w- c:\program files\Java

2009-11-21 18:22 . 2008-10-09 21:21 -------- d-----w- c:\program files\Picture Resize Genius

2009-11-18 01:46 . 2009-06-18 23:09 -------- d-----w- c:\program files\Safari

2009-11-18 01:40 . 2008-11-03 01:04 -------- d-----w- c:\program files\Common Files\Apple

2009-11-05 20:51 . 2008-10-10 00:19 -------- d-----w- c:\documents and settings\Barry\Application Data\COWON

2009-11-05 20:49 . 2008-10-09 01:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-27 01:45 . 2009-10-27 01:45 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2009-10-26 00:54 . 2008-10-09 00:59 -------- d-----w- c:\documents and settings\Barry\Application Data\U3

2009-10-24 16:55 . 2009-10-24 16:54 -------- d-----w- c:\program files\QuickTime

2009-10-22 18:57 . 2009-10-22 18:57 217088 ----a-w- c:\documents and settings\Barry\Application Data\Mozilla\Firefox\Profiles\h37sk8vo.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

2009-10-17 21:50 . 2009-03-28 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-10-17 21:28 . 2009-07-11 00:59 -------- d-----w- c:\program files\Duplicate File Remover

2009-10-16 02:25 . 2009-10-16 02:25 -------- d-----w- c:\program files\4Media

2009-10-12 19:36 . 2008-10-09 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-10-12 16:52 . 2009-10-12 16:52 71624 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-11 09:17 . 2009-01-02 17:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-10 19:08 . 2009-10-10 19:04 -------- d-----w- c:\documents and settings\Barry\Application Data\AICPA

2009-10-10 19:04 . 2009-10-10 19:04 -------- d-----w- c:\program files\AICPASampleTest

2009-10-04 17:24 . 2009-10-04 17:22 -------- d-----w- c:\program files\Startup Manager

2009-10-04 17:22 . 2009-10-04 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Startup Manager

2009-09-29 21:15 . 2009-09-29 21:15 389120 ----a-w- c:\windows\system32\CF13033.exe

2009-09-29 21:15 . 2009-09-29 21:15 389120 ----a-w- c:\windows\system32\CF13026.exe

2009-09-16 14:22 . 2008-10-09 20:17 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-09-16 14:22 . 2008-10-09 20:17 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-09-16 14:22 . 2008-10-09 20:17 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-09-16 14:22 . 2008-10-09 20:17 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-09-16 14:22 . 2008-10-09 20:17 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-09-10 19:54 . 2008-11-28 16:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2008-11-28 16:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2008-10-11 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]

[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

2008-10-11 22:43 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]

"Google Update"="c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-24 133104]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 499712]

"SunKist"="c:\program files\Digital Media Reader\shwicon2k.exe" [2004-05-26 139264]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2009-11-29 492840]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Barry\Start Menu\Programs\Startup\

Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-10-11 157000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Barry^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

path=c:\documents and settings\Barry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=

"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-10-11 10240]

R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-07-10 1386008]

R2 HF30Sys;HF30Sys;c:\program files\Everstrike Software\Hide Folder 3.1\HF30XP.sys [2009-02-08 67888]

R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]

R3 HF30Kbd;HF30Kbd;c:\program files\Everstrike Software\Hide Folder 3.1\HF30Kbd2K.sys [2009-02-08 9856]

S0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\Drivers\AFPAnsi.sys --> c:\windows\system32\Drivers\AFPAnsi.sys [?]

S1 SuperMounter;SuperMounter; [x]

.

Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1767777339-839522115-1004Core.job

- c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 15:16]

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1767777339-839522115-1004UA.job

- c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 15:16]

2009-08-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-09 16:22]

2008-10-09 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-09 16:22]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {88650482-3892-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

FF - ProfilePath - c:\documents and settings\Barry\Application Data\Mozilla\Firefox\Profiles\h37sk8vo.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/index.jsp?speedbarconfigchangedhttp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\documents and settings\Barry\Application Data\Mozilla\Firefox\Profiles\h37sk8vo.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverMax - (no file)

AddRemove-Broadcom 802.11b Network Adapter - c:\windows\system32\BCMWLU00.exe verbose

AddRemove-CopyTrans Suite - c:\program files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall

AddRemove-Gateway Drivers and Applications Recovery - c:\program files\Gateway\HPA\GWMenu.exe UNINSTALL

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-29 14:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]

"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(14840)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2009-11-29 14:36

ComboFix-quarantined-files.txt 2009-11-29 19:36

Pre-Run: 64,397,848,576 bytes free

Post-Run: 65,240,363,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 1347E0B305B9F605883AF4C38784F2CD

Thanks in Advance
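Added example (my own code, not from the original post and not part of Malwarebytes): a small parser for the MBAM 1.x log layout quoted above, which pulls out the header fields, the per-category counts and the detection lines, and then compares several runs to list the items that keep coming back with the action "Delete on reboot", which is the symptom described. The first sample log is the one posted in the thread; the second is a constructed follow-up run with the same three files standing in for the repeated scans. The function names and the regular expressions are my own assumptions about the format, not anything Malwarebytes publishes.

```python
"""Parse Malwarebytes' Anti-Malware 1.x scan logs and flag detections that
come back run after run.

Added example, not code from the original post or from Malwarebytes. It assumes
the plain-text layout shown in the thread: "Key: value" header lines, a block of
"<Category> Infected: N" counts, then one section per category listing
"<item> (<threat>) -> <action>." lines.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Infected: (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Infected:$")
# e.g.  C:\...\editopit.db (Rogue.AntiVirusPro) -> Delete on reboot.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return header fields, per-category counts and the list of detections."""
    header, counts, detections = {}, {}, []
    section = None  # category of the listing we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("category")
        elif (m := COUNT_RE.match(line)):
            counts[m.group("category")] = int(m.group("count"))
        elif section is not None and (m := DETECTION_RE.match(line)):
            detections.append({"category": section, **m.groupdict()})
        elif section is None and (m := HEADER_RE.match(line)):
            header[m.group("key")] = m.group("value")
    return {"header": header, "counts": counts, "detections": detections}


def pending_reboot_deletions(parsed):
    """Items MBAM could not remove immediately and scheduled for the next boot."""
    return [d["item"] for d in parsed["detections"]
            if d["action"].lower().startswith("delete on reboot")]


def persistent_detections(parsed_runs):
    """Items reported in every one of several runs, with the action each run took.

    A non-empty result after a reboot means the scheduled deletion is not
    completing, or the files are being recreated by something still running.
    """
    runs_seen, actions = defaultdict(set), defaultdict(list)
    for i, parsed in enumerate(parsed_runs):
        for d in parsed["detections"]:
            runs_seen[d["item"]].add(i)
            actions[d["item"]].append(d["action"])
    return {item: actions[item] for item, runs in runs_seen.items()
            if len(runs) == len(parsed_runs)}


# RUN_1 is the log quoted in the thread; RUN_2 is a constructed follow-up run
# with the same three files, standing in for the repeated scans.
RUN_1 = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3253
Windows 5.1.2600 Service Pack 3
2009-11-29 13:21:44
mbam-log-2009-11-29 (13-21-44).txt
Scan type: Quick Scan
Objects scanned: 116127
Time elapsed: 17 minute(s), 10 second(s)
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\All Users\Documents\lyfyjota._sy (Rogue.AntiVirusPro) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\ezibazacov.bin (Rogue.AntiVirusPro) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\editopit.db (Rogue.AntiVirusPro) -> Delete on reboot.
"""
RUN_2 = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3253
Scan type: Quick Scan
Files Infected: 3
Files Infected:
C:\Documents and Settings\All Users\Documents\lyfyjota._sy (Rogue.AntiVirusPro) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\ezibazacov.bin (Rogue.AntiVirusPro) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\editopit.db (Rogue.AntiVirusPro) -> Delete on reboot.
"""

if __name__ == "__main__":
    runs = [parse_mbam_log(RUN_1), parse_mbam_log(RUN_2)]
    print("counts in run 1:", runs[0]["counts"])
    for item, acts in persistent_detections(runs).items():
        print(f"still present after {len(acts)} runs: {item} ({', '.join(acts)})")
```

Feeding the saved mbam-log-*.txt files from consecutive scans (oldest first) into `persistent_detections` gives a quick answer to the question in the post: an item that is still listed with "Delete on reboot" after a restart was never actually removed, which is the kind of detail the helpers in the removal forum would want alongside the raw logs.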


Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

