Topic: I have a trojan

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I have a trojan
« Reply #30 on: May 01, 2011, 12:36:30 PM »
Both of those logs look good. You appear to have some remnants of AVG on your computer. Please run this AVG Removal Tool to get rid of them.

AVG Antivirus - AVG Antivirus Remover utility

Re-run MBAM:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
Also, please run another scan with ComboFix and post the log.
Windows 8 and Windows 10 dual boot with two SSD's

The Bubba

    Topic Starter


    Hopeful

    Thanked: 1
    • BIG BLUE HEAVEN
  • Experience: Familiar
  • OS: Windows XP
Re: I have a trojan
« Reply #31 on: May 02, 2011, 12:17:00 AM »
Sorry not to get back sooner, fell asleep on the couch.

Here are the two logs you requested... Malwarebytes and ComboFix

Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 3

5/2/2011 1:20:20 AM
mbam-log-2011-05-02 (01-20-20).txt

Scan type: Quick Scan
Objects scanned: 75641
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 11-04-29.02 - John 05/02/2011   1:49.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.519 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-02 to 2011-05-02  )))))))))))))))))))))))))))))))
.
.
2011-05-02 05:26 . 2011-05-02 05:26   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl8002e529.sys
2011-05-02 04:53 . 2011-05-02 04:53   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl82cbd4f6.sys
2011-05-01 17:51 . 2011-04-18 13:15   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-01 17:51 . 2011-04-18 13:15   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\mpengine.dll
2011-05-01 01:34 . 2010-11-24 13:18   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-05-01 01:34 . 2010-07-08 13:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-05-01 01:34 . 2010-02-05 13:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-05-01 01:34 . 2010-11-25 14:42   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-05-01 01:34 . 2011-05-01 01:37   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-04-29 23:51 . 2010-10-19 20:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-04-29 23:48 . 2011-04-29 23:48   --------   d-----w-   c:\program files\Microsoft Security Client
2011-04-28 03:56 . 2011-04-28 03:56   388096   ----a-r-   c:\documents and settings\John\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-26 15:44 . 2010-11-17 14:19   249616   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2011-04-26 15:44 . 2010-11-25 14:53   160448   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-26 15:44 . 2010-03-29 15:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2011-04-26 15:44 . 2010-02-05 13:25   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2011-04-26 15:44 . 2011-04-26 15:50   --------   d-----w-   c:\program files\Spyware Doctor
2011-04-26 15:44 . 2011-04-26 15:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-04-26 15:44 . 2011-04-26 15:44   --------   d-----w-   c:\documents and settings\John\Application Data\PC Tools
2011-04-26 15:42 . 2011-04-26 15:48   --------   d-----w-   c:\documents and settings\John\Application Data\GetRightToGo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 13:21 . 2011-03-19 13:21   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33 . 2008-10-21 20:25   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 00:21   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-10-21 20:23   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-29_23.34.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-02 05:08 . 2011-05-02 05:08   21504              c:\windows\Installer\f49b6.msi
- 2010-06-08 12:41 . 2011-02-15 18:02   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-08 12:41 . 2011-04-30 02:34   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48   626688              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48   548864              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48   479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2010-10-25 01:25 . 2010-10-25 01:25   165264              c:\windows\system32\drivers\MpFilter.sys
+ 2011-04-29 23:48 . 2011-04-29 23:48   786432              c:\windows\Installer\2bf6a5.msi
+ 2011-04-29 23:48 . 2011-04-29 23:48   479744              c:\windows\Installer\2bf69f.msi
+ 2011-04-29 23:48 . 2011-04-29 23:48   301056              c:\windows\Installer\2bf69a.msi
+ 2008-10-24 02:51 . 2011-04-18 19:46   42181064              c:\windows\system32\MRT.exe
+ 2011-04-30 02:31 . 2011-04-30 02:31   20314624              c:\windows\Installer\1adf10.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8c49a3d1-585b-4eab-985d-6ad480b4f23d}"= "c:\program files\Kentucky Wildcats Toolbar\Helper.dll" [2010-08-13 243200]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8c49a3d1-585b-4eab-985d-6ad480b4f23d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{763C8C3E-9677-474E-B4BD-6ABC7DDDE090}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A118156-5307-4BFB-9548-B423FDF368A8}]
2010-08-13 23:14   1498624   ----a-w-   c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\Funchester\prxtbFun2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6FE46BF4-267F-4D8C-89B9-6C7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-07-21 2736128]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2003-01-24 348160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\ToolbarUpdate.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/26/2011 11:44 AM 218592]
R1 MpKsl8002e529;MpKsl8002e529;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl8002e529.sys [5/2/2011 1:26 AM 28752]
R1 MpKsl82cbd4f6;MpKsl82cbd4f6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl82cbd4f6.sys [5/2/2011 12:53 AM 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/26/2011 11:44 AM 249616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [10/21/2008 4:40 PM 73464]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [4/26/2011 11:44 AM 160448]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [6/27/2007 1:20 AM 10240]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [4/30/2011 9:34 PM 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [4/30/2011 9:34 PM 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [4/30/2011 9:34 PM 124992]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 MpKsl3ece6eb6;MpKsl3ece6eb6;

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 2:24 PM 135664]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 2:24 PM 135664]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [9/14/2009 3:41 PM 18432]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\PC Alert 4\NTGLM7X.sys --> c:\program files\MSI\PC Alert 4\NTGLM7X.sys [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [4/30/2011 9:34 PM 57536]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/26/2011 11:44 AM 70408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8002E529
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-07-21 16:20   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 19:46]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 18:23]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 18:23]
.
2011-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-04-29 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bigblueheaven.proboards.com/index.cgi
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 02:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-02  02:10:19
ComboFix-quarantined-files.txt  2011-05-02 06:10
ComboFix2.txt  2011-04-29 23:39
.
Pre-Run: 94,840,037,376 bytes free
Post-Run: 94,972,563,456 bytes free
.
- - End Of File - - 4B757F5A7D8EAB75A75A5ACDEEAEC70B
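
The ComboFix "Reg Loading Points" section above is the part a reviewer reads first: browser hooks and toolbars (the Conduit and Funchester entries), Run values, and the Security Center and firewall policy settings. As an added example that is not part of this thread and not a ComboFix feature, here is a small Python parser that reads that section and flags the entries worth a second look. The sample text is a trimmed excerpt in the same format as the log above, and the triage rules (browser-extension keys, missing files marked `[X]`, `AntiVirusOverride` set, firewall disabled, Run values with an unqualified file name) are my own heuristics, not anything the tool reports itself.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and triage it.

Added example, not ComboFix's own code. The flag categories are the
reviewer's own heuristics; they only point at entries to inspect.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed excerpt in the same format as the thread's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" [meta]   or   "name"=dword:...   or   "name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>.*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?$')
# date time   size   attrs   path   (the form used under BHO / notify keys)
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")

# Keys where adware and search hijackers commonly persist (see the thread's log).
BROWSER_HOOK_KEYS = ("urlsearchhooks", "browser helper objects", "internet explorer\\toolbar")


@dataclass
class Entry:
    key: str    # registry key the entry was listed under
    name: str   # value name ("" for the date/size/path form)
    path: str   # value data, usually a file path
    meta: str   # "[...]" suffix: date+size, or "X" when the file is missing


def parse_loading_points(text: str) -> list[Entry]:
    """Turn the key/value dump into Entry records, keeping the owning key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        if m := KEY_RE.match(line):
            key = m.group("key")
            continue
        if key is None:
            continue
        if m := VALUE_RE.match(line):
            entries.append(Entry(key, m.group("name"), m.group("data"), m.group("meta") or ""))
        elif m := FILE_RE.match(line):
            entries.append(Entry(key, "", m.group("path"), f"{m.group('date')} {m.group('size')}"))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Return (category, entry) pairs for the entries a reviewer should inspect."""
    findings = []
    for e in entries:
        k, n, d = e.key.lower(), e.name.lower(), e.path.lower()
        if any(h in k for h in BROWSER_HOOK_KEYS):
            findings.append(("browser-extension", e))       # toolbars, BHOs, search hooks
        elif e.meta == "X":
            findings.append(("missing-file", e))            # autostart pointing at nothing
        elif k.endswith("security center") and n == "antivirusoverride" and d.endswith("1"):
            findings.append(("av-override", e))             # AV alerts suppressed
        elif "firewallpolicy" in k and n == "enablefirewall" and d.startswith("0"):
            findings.append(("firewall-disabled", e))       # Windows Firewall off
        elif k.endswith("\\run") and "\\" not in e.path:
            findings.append(("unqualified-path", e))        # resolved via search path
    return findings


if __name__ == "__main__":
    for category, entry in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{category:18} {entry.name or entry.path}  ({entry.key})")
```

On the thread's full log the same rules would raise the three toolbar DLLs, the dangling AVG RunOnce value, the `AntiVirusOverride` flag and the disabled standard-profile firewall; none of those is malware on its own, but each is something the helper confirms or cleans up before closing the case.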

SuperDave
Re: I have a trojan
« Reply #32 on: May 02, 2011, 12:30:07 PM »
I need to run another few scans to make sure the infection is gone.

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

The Bubba
Re: I have a trojan
« Reply #33 on: May 02, 2011, 03:00:55 PM »
I installed 7zip, downloaded RKU to my desktop. That's when things don't go right. When mousing over 7zip and extracting to RKU, it says it can't open the C:documents and settings\john's desktop\RKUexe' as an archive. I tried just to extract it and you would have thought I was opening Pandora's box. I had changed my antivirus to Avast and it wanted to open it in its sandbox. What to do now?

SuperDave
Re: I have a trojan
« Reply #34 on: May 02, 2011, 04:27:10 PM »
Ok. Don't bother with it. It was just another scan to make sure that infection was gone. It didn't show in the other two scans so I'm quite certain it's gone. How's your computer running?

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

The Bubba
Re: I have a trojan
« Reply #35 on: May 02, 2011, 04:51:47 PM »
Dave, I'm sorry but I'm going elsewhere. My computer still isn't acting right and I feel like a trick pony jumping through hoops. Have a nice day.

The Bubba
Re: I have a trojan
« Reply #36 on: May 02, 2011, 05:35:47 PM »
Dave, I'm sorry for my sharp remarks, I do appreciate you trying to help me.

SuperDave
Re: I have a trojan
« Reply #37 on: May 02, 2011, 06:12:31 PM »
I'm sorry that you feel that way. You had a severe infection and not too many other forums know how to deal with it. If that last scan would have been run, then we were all finished except for the cleanup of all the tools we use.

The Bubba
Re: I have a trojan
« Reply #38 on: May 03, 2011, 05:28:20 AM »
I'm sorry again I popped off. Here is the file you wanted. There were actually 4 threats but I remembered I was supposed to save the file. It cleaned all four anyway, two when I ran it halfway and then this time. Thanks for your help. I hope this got them all.
C:\System Volume Information\_restore{A2F51B10-7FAA-446F-8ABC-330C2F74D431}\RP770\A0149740.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{A2F51B10-7FAA-446F-8ABC-330C2F74D431}\RP786\A0169948.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application   cleaned by deleting - quarantined

The Bubba
Re: I have a trojan
« Reply #39 on: May 03, 2011, 10:27:56 AM »
My computer still has a problem and had it before I did the last program. I noticed it first trying to play a game located on MSN. I tried to open my email service and got "an error has happened and the tab has been recovered". This was the same error message when trying to play that game. It basically won't let you go to a particular page on that site.

SuperDave
Re: I have a trojan
« Reply #40 on: May 03, 2011, 11:34:15 AM »
Your computer looks clean now. Can you give me a screenshot of that problem with the game?

How to post screenshots or images

The Bubba
Re: I have a trojan
« Reply #41 on: May 03, 2011, 12:31:49 PM »
I also did a long scan with Avast and it was found clean. Here is the screenshot. It is showing it right before it transitions back to the page where you click to play the game.

SuperDave
Re: I have a trojan
« Reply #42 on: May 03, 2011, 01:00:00 PM »
It appears to be a problem with that particular site. Can you do this for me? Right-click in the address bar and select "Copy". When you post your reply, just right-click anywhere in your reply and click "Paste" (or press CTRL + V) and the address should be pasted in your reply. Please send that to me.

The Bubba
Re: I have a trojan
« Reply #43 on: May 03, 2011, 01:04:53 PM »
I have played this game for a couple of years now and this never happened. I wouldn't have thought too much about it until it happened on another site and it was just opening a web page, not a game. Here is the address.

http://zone.msn.com/en/texttwist/default.htm?intgid=hp_populargames_2

PS: I was able to get to my email address without the problem, that's a biggie. Oh, BTW, I deleted all of the files and removed all of the programs used to get rid of the virus. I thought maybe that would help.

The Bubba
Re: I have a trojan
« Reply #44 on: May 03, 2011, 02:12:35 PM »
This is the answer to the "this tab has been recovered" error. I found this and tried it and it worked.

a) Click the Start button, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).

PS: A bit premature on the popping of the champagne... it seems I need to install Adobe Flash Player and it's being a bit difficult.
« Last Edit: May 03, 2011, 02:37:02 PM by The Bubba »