WiredWX Hobby Weather Tools

Exploit Blackhole Exploit Kit Trojan?

My computer is infected with a trojan. I have attached the OTL text file as a zip file; here is the aswMBR log file:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-17 08:09:54
-----------------------------
08:09:54.453 OS Version: Windows 5.1.2600 Service Pack 3
08:09:54.453 Number of processors: 2 586 0x4B02
08:09:54.453 ComputerName: JOHN1 UserName: JOHN
08:09:56.062 Initialize success
08:10:13.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10
08:10:13.625 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
08:10:13.625 Disk 0 MBR read successfully
08:10:13.625 Disk 0 MBR scan
08:10:13.625 Disk 0 unknown MBR code
08:10:13.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 258255 MB offset 63
08:10:13.625 Disk 0 Partition - 00 0F Extended LBA 218681 MB offset 528907995
08:10:13.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218681 MB offset 528908058
08:10:13.640 Disk 0 scanning sectors +976768065
08:10:13.703 Disk 0 scanning C:\WINDOWS\system32\drivers
08:10:18.328 File: C:\WINDOWS\system32\drivers\avgldx86.sys **SUSPICIOUS**
08:10:23.421 Disk 0 trace - called modules:
08:10:23.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb66d8ff0]<<
08:10:23.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4d9ab8]
08:10:23.500 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a4f82d8]
08:10:23.500 \Driver\00001482[0x8a267268] -> IRP_MJ_CREATE -> 0xb66d8ff0
08:10:23.500 Scan finished successfully
08:10:39.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JOHN\Desktop\MBR.dat"
08:10:39.406 The log file has been saved successfully to "C:\Documents and Settings\JOHN\Desktop\aswMBR.txt"


Please let me know what to do next.

Thanks, John



Re: Exploit Blackhole Exploit Kit Trojan?


Hi. Welcome to the forum.

Please run all these programs.


Download the TDSSKiller.exe and extract to your Desktop.


Execute TDSSKiller.exe by double-clicking on it. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.


Attach that log here please.



====================================================






Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it; it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.


Caution:
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.
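As an added example that is not part of this thread or of the tools' own code, here is a small Python triage helper for the logs these steps produce: it recognises TDSSKiller's UtilityName.Version_Date_Time_log.txt naming, pulls the lines from an aswMBR log that carry its **SUSPICIOUS**, "unknown MBR code" and >>UNKNOWN<< markers, and lists MBAM detections that were left as "No action taken". The log snippets inside it are constructed to mirror the formats shown on this page, and the regular expressions are my reading of those formats, not documented specifications.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# --- 1. TDSSKiller log naming -------------------------------------------------
# TDSSKiller writes UtilityName.Version_Date_Time_log.txt to the drive root,
# e.g. C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt (dotted version,
# D.M.YYYY date, H.M.S time). This pattern is an assumption drawn from that example.
TDSSKILLER_LOG_RE = re.compile(
    r"^(?P<utility>[A-Za-z0-9]+)\.(?P<version>\d+(?:\.\d+)+)_"
    r"(?P<date>\d{1,2}\.\d{1,2}\.\d{4})_(?P<time>\d{1,2}\.\d{2}\.\d{2})_log\.txt$"
)


def is_tdsskiller_log(path: str) -> bool:
    """True if the file name (Windows or POSIX path) follows the TDSSKiller log convention."""
    return TDSSKILLER_LOG_RE.match(ntpath.basename(path)) is not None


# --- 2. aswMBR triage ---------------------------------------------------------
# aswMBR prefixes each line with HH:MM:SS.mmm. The markers below are the ones a
# helper looks for: a file the tool could not vouch for, MBR code it does not
# recognise, and an unknown module in the disk I/O call chain.
ASWMBR_MARKERS = ("**SUSPICIOUS**", "unknown MBR code", ">>UNKNOWN")
ASWMBR_TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")


def aswmbr_findings(log_text: str) -> List[str]:
    """Return the flagged aswMBR lines with their timestamps stripped, in log order."""
    findings = []
    for line in log_text.splitlines():
        if any(marker in line for marker in ASWMBR_MARKERS):
            findings.append(ASWMBR_TS_RE.sub("", line.strip()))
    return findings


# --- 3. MBAM report summary ---------------------------------------------------
@dataclass
class MbamDetection:
    category: str  # section heading, e.g. "Folders"
    item: str      # the path or registry object exactly as MBAM printed it
    action: str    # text after "->", e.g. "No action taken"


MBAM_SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")


def parse_mbam_detections(log_text: str) -> List[MbamDetection]:
    """Walk the 'X Detected: N' sections of an MBAM log and collect each item with its action."""
    detections: List[MbamDetection] = []
    category = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = MBAM_SECTION_RE.match(line)
        if section:
            category = section.group("category")
            continue
        # Blank lines and bracketed notes like "(No malicious items detected)" carry no item.
        if category is None or not line or line.startswith("("):
            continue
        if " -> " in line:
            item, action = line.rsplit(" -> ", 1)
            detections.append(MbamDetection(category, item.strip(), action.strip().rstrip(".")))
    return detections


def unresolved_mbam_items(log_text: str) -> List[str]:
    """Items MBAM found but did not remove, i.e. the 'Remove Selected' step was skipped for them."""
    return [d.item for d in parse_mbam_detections(log_text)
            if d.action.lower().startswith("no action taken")]


# Constructed sample input modelled on the log formats in this thread (not the real logs).
SAMPLE_ASWMBR = """\
08:10:13.625 Disk 0 MBR read successfully
08:10:13.625 Disk 0 unknown MBR code
08:10:18.328 File: C:\\WINDOWS\\system32\\drivers\\example.sys **SUSPICIOUS**
08:10:23.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xdeadbeef]<<
08:10:23.500 Scan finished successfully
"""

SAMPLE_MBAM = """\
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\\Example.Dir (Trojan.Example) -> No action taken.

Files Detected: 1
C:\\Example.Dir\\payload.exe (Trojan.Example) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    print(is_tdsskiller_log(r"C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt"))
    for finding in aswmbr_findings(SAMPLE_ASWMBR):
        print("aswMBR:", finding)
    for item in unresolved_mbam_items(SAMPLE_MBAM):
        print("MBAM left in place:", item)
```

Run against a real MBAM log, the unresolved list is the quickest way to see whether the "Remove Selected" step was actually carried out before the log was posted.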






Re: Exploit Blackhole Exploit Kit Trojan?

OK, here are the files:

TDSSKiller.2.7.3.0_17.01.2012_17.38.08_log.txt

17:38:08.0718 3268 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
17:38:09.0078 3268 ============================================================
17:38:09.0078 3268 Current date / time: 2012/01/17 17:38:09.0078
17:38:09.0078 3268 SystemInfo:
17:38:09.0078 3268
17:38:09.0093 3268 OS Version: 5.1.2600 ServicePack: 3.0
17:38:09.0093 3268 Product type: Workstation
17:38:09.0093 3268 ComputerName: JOHN1
17:38:09.0093 3268 UserName: JOHN
17:38:09.0093 3268 Windows directory: C:\WINDOWS
17:38:09.0093 3268 System windows directory: C:\WINDOWS
17:38:09.0093 3268 Processor architecture: Intel x86
17:38:09.0093 3268 Number of processors: 2
17:38:09.0093 3268 Page size: 0x1000
17:38:09.0093 3268 Boot type: Normal boot
17:38:09.0093 3268 ============================================================
17:38:11.0984 3268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:38:12.0218 3268 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:38:12.0734 3268 Initialize success
17:38:20.0218 2576 ============================================================
17:38:20.0218 2576 Scan started
17:38:20.0218 2576 Mode: Manual;
17:38:20.0218 2576 ============================================================
17:38:22.0312 2576 Abiosdsk - ok
17:38:22.0406 2576 abp480n5 - ok
17:38:22.0546 2576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:38:22.0562 2576 ACPI - ok
17:38:22.0734 2576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:38:22.0765 2576 ACPIEC - ok
17:38:22.0796 2576 adpu160m - ok
17:38:22.0984 2576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:38:23.0000 2576 aec - ok
17:38:23.0093 2576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
17:38:23.0125 2576 AFD - ok
17:38:23.0156 2576 Aha154x - ok
17:38:23.0203 2576 aic78u2 - ok
17:38:23.0265 2576 aic78xx - ok
17:38:23.0796 2576 ALCXWDM (34b9d50a34679da69ed51e3cda41bc1e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:38:24.0125 2576 ALCXWDM - ok
17:38:24.0250 2576 AliIde - ok
17:38:24.0359 2576 amsint - ok
17:38:24.0468 2576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:38:24.0468 2576 Arp1394 - ok
17:38:24.0546 2576 asc - ok
17:38:24.0609 2576 asc3350p - ok
17:38:24.0703 2576 asc3550 - ok
17:38:24.0828 2576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:24.0875 2576 AsyncMac - ok
17:38:25.0000 2576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:25.0000 2576 atapi - ok
17:38:25.0078 2576 Atdisk - ok
17:38:25.0171 2576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:38:25.0171 2576 Atmarpc - ok
17:38:25.0250 2576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:38:25.0281 2576 audstub - ok
17:38:25.0421 2576 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:38:25.0468 2576 AVGIDSDriver - ok
17:38:25.0593 2576 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:38:25.0609 2576 AVGIDSEH - ok
17:38:25.0671 2576 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:38:25.0687 2576 AVGIDSFilter - ok
17:38:25.0734 2576 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:38:25.0750 2576 AVGIDSShim - ok
17:38:25.0828 2576 Avgldx86 (569003deab4012bd86fb41c18449250d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:38:26.0109 2576 Avgldx86 - ok
17:38:26.0171 2576 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:38:26.0187 2576 Avgmfx86 - ok
17:38:26.0234 2576 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:38:26.0265 2576 Avgrkx86 - ok
17:38:26.0359 2576 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:38:26.0421 2576 Avgtdix - ok
17:38:26.0468 2576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:38:26.0468 2576 Beep - ok
17:38:26.0531 2576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:38:26.0531 2576 cbidf2k - ok
17:38:26.0593 2576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:38:26.0593 2576 CCDECODE - ok
17:38:26.0718 2576 cd20xrnt - ok
17:38:26.0812 2576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:38:26.0828 2576 Cdaudio - ok
17:38:26.0890 2576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:38:26.0890 2576 Cdfs - ok
17:38:26.0968 2576 Cdr4_xp (c3e76b0c05ebf7261abfb08d9e75822e) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
17:38:26.0968 2576 Cdr4_xp - ok
17:38:27.0031 2576 Cdralw2k (17590dfe29e02842a6e3a463e443d1b9) C:\WINDOWS\system32\drivers\Cdralw2k.sys
17:38:27.0078 2576 Cdralw2k - ok
17:38:27.0203 2576 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
17:38:27.0375 2576 cdrbsdrv - ok
17:38:27.0906 2576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:38:27.0984 2576 Cdrom - ok
17:38:28.0265 2576 Changer - ok
17:38:28.0343 2576 CmdIde - ok
17:38:28.0421 2576 Cpqarray - ok
17:38:28.0468 2576 dac2w2k - ok
17:38:28.0546 2576 dac960nt - ok
17:38:28.0656 2576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:38:28.0671 2576 Disk - ok
17:38:28.0765 2576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:38:28.0953 2576 dmboot - ok
17:38:29.0093 2576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:38:29.0125 2576 dmio - ok
17:38:29.0218 2576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:38:29.0218 2576 dmload - ok
17:38:29.0296 2576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:38:29.0312 2576 DMusic - ok
17:38:29.0390 2576 dpti2o - ok
17:38:29.0500 2576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:38:29.0515 2576 drmkaud - ok
17:38:29.0578 2576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:38:29.0640 2576 Fastfat - ok
17:38:29.0796 2576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:38:29.0812 2576 Fdc - ok
17:38:29.0968 2576 FETND5BV (af8af100f0dd397a34bb273bc64aef1a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
17:38:30.0046 2576 FETND5BV - ok
17:38:30.0140 2576 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:38:30.0171 2576 FETNDIS - ok
17:38:30.0250 2576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:38:30.0265 2576 Fips - ok
17:38:30.0343 2576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:38:30.0343 2576 Flpydisk - ok
17:38:30.0453 2576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:38:30.0500 2576 FltMgr - ok
17:38:30.0625 2576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:30.0640 2576 Fs_Rec - ok
17:38:30.0812 2576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:38:30.0828 2576 Ftdisk - ok
17:38:30.0875 2576 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:38:30.0890 2576 gagp30kx - ok
17:38:31.0046 2576 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:38:31.0062 2576 GEARAspiWDM - ok
17:38:31.0203 2576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:38:31.0218 2576 Gpc - ok
17:38:31.0437 2576 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:38:31.0484 2576 hamachi - ok
17:38:31.0640 2576 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:38:31.0656 2576 hidusb - ok
17:38:31.0703 2576 hpn - ok
17:38:31.0859 2576 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:38:31.0890 2576 HPZid412 - ok
17:38:32.0000 2576 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:38:32.0062 2576 HPZipr12 - ok
17:38:32.0156 2576 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:38:32.0218 2576 HPZius12 - ok
17:38:32.0406 2576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:38:32.0546 2576 HTTP - ok
17:38:32.0671 2576 i2omgmt - ok
17:38:32.0750 2576 i2omp - ok
17:38:32.0859 2576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:38:32.0859 2576 i8042prt - ok
17:38:32.0968 2576 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys
17:38:33.0015 2576 ICDUSB2 - ok
17:38:33.0109 2576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:38:33.0125 2576 Imapi - ok
17:38:33.0218 2576 ini910u - ok
17:38:33.0296 2576 IntelIde - ok
17:38:33.0359 2576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:38:33.0390 2576 Ip6Fw - ok
17:38:33.0453 2576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:38:33.0468 2576 IpFilterDriver - ok
17:38:33.0578 2576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:38:33.0578 2576 IpInIp - ok
17:38:33.0796 2576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:38:33.0843 2576 IpNat - ok
17:38:34.0015 2576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:38:34.0046 2576 IPSec - ok
17:38:34.0156 2576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:38:34.0187 2576 IRENUM - ok
17:38:34.0250 2576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:38:34.0265 2576 isapnp - ok
17:38:34.0343 2576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:38:34.0343 2576 Kbdclass - ok
17:38:34.0390 2576 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:38:34.0406 2576 kbdhid - ok
17:38:34.0484 2576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:38:34.0531 2576 kmixer - ok
17:38:34.0609 2576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:38:34.0640 2576 KSecDD - ok
17:38:34.0703 2576 lbrtfdc - ok
17:38:34.0812 2576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:38:34.0812 2576 mnmdd - ok
17:38:34.0875 2576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:38:34.0875 2576 Modem - ok
17:38:34.0953 2576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:38:34.0968 2576 Mouclass - ok
17:38:35.0015 2576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:38:35.0015 2576 mouhid - ok
17:38:35.0046 2576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:38:35.0062 2576 MountMgr - ok
17:38:35.0140 2576 MpKsl02f9eb51 - ok
17:38:35.0156 2576 MpKsl1173340b - ok
17:38:35.0171 2576 MpKsl67fb1138 - ok
17:38:35.0203 2576 MpKsled89f4e1 - ok
17:38:35.0234 2576 mraid35x - ok
17:38:35.0296 2576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:38:35.0328 2576 MRxDAV - ok
17:38:35.0406 2576 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:38:35.0531 2576 MRxSmb - ok
17:38:35.0593 2576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:38:35.0593 2576 Msfs - ok
17:38:35.0687 2576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:38:35.0703 2576 MSKSSRV - ok
17:38:35.0765 2576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:38:35.0781 2576 MSPCLOCK - ok
17:38:35.0843 2576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:38:35.0843 2576 MSPQM - ok
17:38:35.0890 2576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:38:35.0906 2576 mssmbios - ok
17:38:35.0937 2576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:38:35.0937 2576 MSTEE - ok
17:38:36.0000 2576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:38:36.0015 2576 Mup - ok
17:38:36.0062 2576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:38:36.0062 2576 NABTSFEC - ok
17:38:36.0125 2576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:38:36.0156 2576 NDIS - ok
17:38:36.0218 2576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:38:36.0218 2576 NdisIP - ok
17:38:36.0265 2576 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:38:36.0265 2576 NdisTapi - ok
17:38:36.0328 2576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:38:36.0328 2576 Ndisuio - ok
17:38:36.0390 2576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:36.0406 2576 NdisWan - ok
17:38:36.0468 2576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:38:36.0515 2576 NDProxy - ok
17:38:36.0562 2576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:38:36.0578 2576 NetBIOS - ok
17:38:36.0687 2576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:38:36.0703 2576 NetBT - ok
17:38:36.0781 2576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:38:36.0781 2576 NIC1394 - ok
17:38:36.0828 2576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:38:36.0843 2576 Npfs - ok
17:38:36.0921 2576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:38:36.0968 2576 Ntfs - ok
17:38:37.0046 2576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:38:37.0046 2576 Null - ok
17:38:37.0531 2576 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:38:38.0468 2576 nv - ok
17:38:38.0671 2576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:38:38.0687 2576 NwlnkFlt - ok
17:38:38.0828 2576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:38:38.0875 2576 NwlnkFwd - ok
17:38:39.0093 2576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:38:39.0125 2576 ohci1394 - ok
17:38:39.0593 2576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:38:39.0671 2576 Parport - ok
17:38:39.0812 2576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:38:39.0843 2576 PartMgr - ok
17:38:40.0046 2576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:38:40.0062 2576 ParVdm - ok
17:38:40.0125 2576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:38:40.0156 2576 PCI - ok
17:38:40.0218 2576 PCIDump - ok
17:38:41.0281 2576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:38:41.0312 2576 PCIIde - ok
17:38:41.0453 2576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:38:41.0468 2576 Pcmcia - ok
17:38:41.0500 2576 PDCOMP - ok
17:38:41.0562 2576 PDFRAME - ok
17:38:41.0656 2576 PDRELI - ok
17:38:41.0734 2576 PDRFRAME - ok
17:38:41.0812 2576 perc2 - ok
17:38:41.0859 2576 perc2hib - ok
17:38:42.0015 2576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:38:42.0046 2576 PptpMiniport - ok
17:38:42.0156 2576 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:38:42.0171 2576 Processor - ok
17:38:42.0296 2576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:38:42.0296 2576 PSched - ok
17:38:42.0359 2576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:38:42.0359 2576 Ptilink - ok
17:38:42.0500 2576 PxHelp20 (9f074d9ae28cc00cf481c82d36212e20) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:38:42.0500 2576 PxHelp20 - ok
17:38:42.0593 2576 pxrts (bdf516f12e2275adf84e535facd46511) C:\WINDOWS\system32\drivers\pxrts.sys
17:38:42.0625 2576 pxrts - ok
17:38:42.0671 2576 ql1080 - ok
17:38:42.0718 2576 Ql10wnt - ok
17:38:42.0750 2576 ql12160 - ok
17:38:42.0812 2576 ql1240 - ok
17:38:42.0843 2576 ql1280 - ok
17:38:42.0906 2576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:38:42.0906 2576 RasAcd - ok
17:38:42.0968 2576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:38:42.0984 2576 Rasl2tp - ok
17:38:43.0109 2576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:38:43.0140 2576 RasPppoe - ok
17:38:43.0265 2576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:38:43.0281 2576 Raspti - ok
17:38:43.0453 2576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:38:43.0484 2576 Rdbss - ok
17:38:43.0656 2576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:38:43.0687 2576 RDPCDD - ok
17:38:43.0812 2576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:38:43.0859 2576 rdpdr - ok
17:38:44.0046 2576 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:38:44.0093 2576 RDPWD - ok
17:38:44.0171 2576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:38:44.0203 2576 redbook - ok
17:38:44.0328 2576 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
17:38:44.0359 2576 regi - ok
17:38:44.0484 2576 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
17:38:44.0515 2576 Revoflt - ok
17:38:44.0593 2576 SABKUTIL - ok
17:38:44.0625 2576 SABProcEnum - ok
17:38:44.0750 2576 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
17:38:44.0750 2576 SahdIa32 - ok
17:38:44.0812 2576 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
17:38:44.0828 2576 SaibIa32 - ok
17:38:44.0875 2576 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
17:38:44.0906 2576 SaibVd32 - ok
17:38:44.0968 2576 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
17:38:44.0984 2576 SBRE - ok
17:38:45.0062 2576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:38:45.0109 2576 Secdrv - ok
17:38:45.0156 2576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:38:45.0187 2576 serenum - ok
17:38:45.0281 2576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:38:45.0296 2576 Serial - ok
17:38:45.0359 2576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:38:45.0359 2576 Sfloppy - ok
17:38:45.0468 2576 Simbad - ok
17:38:45.0593 2576 SIS163u (db1811b75ec3a95d0063a04f6b088c65) C:\WINDOWS\system32\DRIVERS\sis163u.sys
17:38:45.0687 2576 SIS163u - ok
17:38:45.0781 2576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:38:45.0796 2576 SLIP - ok
17:38:45.0875 2576 Sparrow - ok
17:38:45.0968 2576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:38:46.0000 2576 splitter - ok
17:38:46.0046 2576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:38:46.0078 2576 sr - ok
17:38:46.0171 2576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:38:46.0265 2576 Srv - ok
17:38:46.0578 2576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:38:46.0671 2576 streamip - ok
17:38:46.0937 2576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:38:46.0937 2576 swenum - ok
17:38:47.0015 2576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:38:47.0046 2576 swmidi - ok
17:38:47.0078 2576 symc810 - ok
17:38:47.0109 2576 symc8xx - ok
17:38:47.0171 2576 sym_hi - ok
17:38:47.0203 2576 sym_u3 - ok
17:38:47.0265 2576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:38:47.0281 2576 sysaudio - ok
17:38:47.0406 2576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:38:47.0437 2576 Tcpip - ok
17:38:47.0484 2576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:38:47.0484 2576 TDPIPE - ok
17:38:47.0531 2576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:38:47.0531 2576 TDTCP - ok
17:38:47.0578 2576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:38:47.0593 2576 TermDD - ok
17:38:47.0671 2576 TosIde - ok
17:38:47.0781 2576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:38:47.0781 2576 Udfs - ok
17:38:47.0812 2576 ultra - ok
17:38:47.0953 2576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:38:48.0046 2576 Update - ok
17:38:48.0125 2576 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:38:48.0156 2576 USBAAPL - ok
17:38:48.0250 2576 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:38:48.0281 2576 usbaudio - ok
17:38:48.0359 2576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:38:48.0375 2576 usbccgp - ok
17:38:48.0500 2576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:38:48.0515 2576 usbehci - ok
17:38:48.0640 2576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:38:48.0671 2576 usbhub - ok
17:38:48.0765 2576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:38:48.0765 2576 usbprint - ok
17:38:48.0843 2576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:38:48.0843 2576 usbscan - ok
17:38:48.0984 2576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:38:49.0000 2576 USBSTOR - ok
17:38:49.0093 2576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:38:49.0109 2576 usbuhci - ok
17:38:49.0218 2576 V0060VID (b70abf0aeb47c1301a69b5d06b3079ca) C:\WINDOWS\system32\DRIVERS\V0060Vid.sys
17:38:49.0265 2576 V0060VID - ok
17:38:49.0390 2576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:38:49.0406 2576 VgaSave - ok
17:38:49.0500 2576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:38:49.0515 2576 ViaIde - ok
17:38:49.0687 2576 VIAudio (a6fcca426660d3fc5a5cb7c0623a257b) C:\WINDOWS\system32\drivers\vinyl97.sys
17:38:49.0765 2576 VIAudio - ok
17:38:49.0859 2576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:38:49.0875 2576 VolSnap - ok
17:38:50.0000 2576 vulfnths (16409c468ceee99b6b129fcaa5c0f206) C:\WINDOWS\System32\Drivers\vulfnth.sys
17:38:50.0015 2576 vulfnths - ok
17:38:50.0171 2576 vulfntrs (541447e05eddd1164a5ea925778b209d) C:\WINDOWS\System32\Drivers\vulfntr.sys
17:38:50.0218 2576 vulfntrs - ok
17:38:50.0390 2576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:38:50.0421 2576 Wanarp - ok
17:38:50.0531 2576 WDICA - ok
17:38:50.0671 2576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:38:50.0703 2576 wdmaud - ok
17:38:50.0781 2576 WinDriver6 - ok
17:38:50.0921 2576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:38:50.0937 2576 WSTCODEC - ok
17:38:50.0984 2576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:38:51.0015 2576 WudfPf - ok
17:38:51.0125 2576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:38:51.0140 2576 WudfRd - ok
17:38:51.0218 2576 MBR (0x1B8) (d10f1090c2a1da838dee05aa4ca56fbd) \Device\Harddisk0\DR0
17:38:51.0296 2576 \Device\Harddisk0\DR0 - ok
17:38:51.0296 2576 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
17:38:51.0312 2576 \Device\Harddisk1\DR3 - ok
17:38:51.0312 2576 Boot (0x1200) (704a456e707b5f3e697d1e38bfcb7fd4) \Device\Harddisk0\DR0\Partition0
17:38:51.0312 2576 \Device\Harddisk0\DR0\Partition0 - ok
17:38:51.0343 2576 Boot (0x1200) (e41506e3f7ed7bed5be6658157da2f23) \Device\Harddisk0\DR0\Partition1
17:38:51.0343 2576 \Device\Harddisk0\DR0\Partition1 - ok
17:38:51.0734 2576 Boot (0x1200) (2a0bf68379411a0c3ea31ebe0f74d0ff) \Device\Harddisk1\DR3\Partition0
17:38:51.0734 2576 \Device\Harddisk1\DR3\Partition0 - ok
17:38:51.0734 2576 ============================================================
17:38:51.0734 2576 Scan finished
17:38:51.0734 2576 ============================================================
17:38:51.0750 2748 Detected object count: 0
17:38:51.0750 2748 Actual detected object count: 0
17:39:59.0343 1188 Deinitialize success

MBAM: mbam-log-2012-01-17 (18-47-31).txt

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
JOHN :: JOHN1 [administrator]

1/17/2012 5:41:33 PM
mbam-log-2012-01-17 (18-47-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236709
Time elapsed: 34 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Ex.CleanI (Trojan.SpyEyes) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)

ComboFix.txt:

ComboFix 12-01-17.01 - JOHN 01/17/2012 19:32:45.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1565 [GMT -5:00]
Running from: c:\documents and settings\JOHN\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\JOHN\Application Data\Mozilla\Firefox\Profiles\rj1qgfru.default\searchplugins\bing-zugo.xml
c:\documents and settings\JOHN\Application Data\PriceGong
c:\documents and settings\JOHN\g2mdlhlpx.exe
c:\windows\$NtUninstallKB19849$
c:\windows\$NtUninstallKB19849$\2879080398
c:\windows\$NtUninstallKB19849$\3194680291\@
c:\windows\$NtUninstallKB19849$\3194680291\bckfg.tmp
c:\windows\$NtUninstallKB19849$\3194680291\cfg.ini
c:\windows\$NtUninstallKB19849$\3194680291\Desktop.ini
c:\windows\$NtUninstallKB19849$\3194680291\keywords
c:\windows\$NtUninstallKB19849$\3194680291\kwrd.dll
c:\windows\$NtUninstallKB19849$\3194680291\L\kfrimiut
c:\windows\$NtUninstallKB19849$\3194680291\lsflt7.ver
c:\windows\$NtUninstallKB19849$\3194680291\U\00000001.@
c:\windows\$NtUninstallKB19849$\3194680291\U\00000002.@
c:\windows\$NtUninstallKB19849$\3194680291\U\00000004.@
c:\windows\$NtUninstallKB19849$\3194680291\U\80000000.@
c:\windows\$NtUninstallKB19849$\3194680291\U\80000004.@
c:\windows\$NtUninstallKB19849$\3194680291\U\80000032.@
c:\windows\alcrmv.exe
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\904cc7b82d836cfa.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c9f5e0f57fca4f66.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\msssc.dll
c:\windows\system32\roboot.exe
H:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-11 12:57 . 2012-01-11 12:57 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-11 12:57 . 2012-01-11 12:57 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 12:57 . 2012-01-11 12:57 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-11 12:57 . 2012-01-11 12:57 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-01-01 00:08 . 2012-01-01 00:08 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-12-31 23:56 . 2011-12-31 23:56 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-28 19:41 . 2012-01-18 00:56 -------- d-----w- c:\documents and settings\JOHN\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-11-17 21:13 . 2011-05-19 12:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-11 12:57 . 2011-06-03 13:58 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 18:37 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JOHN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JOHN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JOHN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JOHN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Desktop Disc Tool"="c:\program files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-12 506352]
"CPMonitor"="c:\program files\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV&inst=NzctNDc5MTYxNDI0LVQyMC1VODUrMS1LVjMrNy1CQSsxLVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzctU1AxKzEtU1VQKzItRkwxMCsxLUREVCsw&prod=90&ver=10.0.1390" [?]
.
c:\documents and settings\JOHN\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\JOHN\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-12-25 63064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-10-22 611144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\JOHN\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [9/18/2011 2:40 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [9/18/2011 2:40 PM 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [9/18/2011 2:40 PM 25584]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/29/2009 1:23 PM 98392]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2/9/2011 4:36 PM 457200]
R2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [7/15/2011 12:03 AM 21488]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [6/29/2010 3:38 PM 61624]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/16/2012 1:37 PM 909152]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [7/2/2007 4:32 PM 196409]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S1 MpKsl02f9eb51;MpKsl02f9eb51;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60049328-50FF-40CE-B928-74D4419E06F2}\MpKsl02f9eb51.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60049328-50FF-40CE-B928-74D4419E06F2}\MpKsl02f9eb51.sys [?]
S1 MpKsl1173340b;MpKsl1173340b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D2F95EB-6D75-4101-A6AA-6562B671A4A9}\MpKsl1173340b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D2F95EB-6D75-4101-A6AA-6562B671A4A9}\MpKsl1173340b.sys [?]
S1 MpKsl67fb1138;MpKsl67fb1138;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7FA8E35-920A-4515-93DA-4333083B8ADF}\MpKsl67fb1138.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7FA8E35-920A-4515-93DA-4333083B8ADF}\MpKsl67fb1138.sys [?]
S1 MpKsled89f4e1;MpKsled89f4e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46975E67-0717-4D62-A809-8C803E123F35}\MpKsled89f4e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46975E67-0717-4D62-A809-8C803E123F35}\MpKsled89f4e1.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2012\AVGIDSAgent.exe" --> c:\program files\AVG\AVG2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2012\avgwdsvc.exe" --> c:\program files\AVG\AVG2012\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 9:33 AM 135664]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [7/13/2011 6:41 AM 340976]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/17/2011 1:09 PM 1025352]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 9:33 AM 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [9/15/2007 8:35 PM 39048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/2/2010 7:10 PM 27064]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [7/13/2011 6:41 AM 1095664]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [9/22/2009 3:09 PM 217600]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 14:33]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 14:33]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-583907252-839522115-1003Core.job
- c:\documents and settings\JOHN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-12 18:08]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-583907252-839522115-1003UA.job
- c:\documents and settings\JOHN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-12 18:08]
.
2012-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-583907252-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-583907252-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-17 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-06-03 17:08]
.
2012-01-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-06-03 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110603&user_guid=59DC057DB20A49059F778920CB977697&machine_id=1c57a7bcb386cf6303117a479261c885&browser=IE&os=win&os_version=5.1-x86-SP3
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: eBay Search
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: macromedia.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} - hxxp://install.anark.com/client/version3/windows-ie/en/AMClient.cab
FF - ProfilePath - c:\documents and settings\JOHN\Application Data\Mozilla\Firefox\Profiles\rj1qgfru.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://wwwgoogle.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110603&user_guid=59DC057DB20A49059F778920CB977697&machine_id=1c57a7bcb386cf6303117a479261c885&browser=FF&os=win&os_version=5.1-x86-SP3&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-MenuMachine_2_2.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 19:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\JOHN\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\eHome\EH103 Wireless G USB Adapter\SiSWLSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Webshots\Webshots.scr
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2012-01-17 20:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-18 01:05
.
Pre-Run: 62,503,575,552 bytes free
Post-Run: 65,914,396,672 bytes free
.
- - End Of File - - C56A89AAAE759B2EA53CD783B9D2E508

Let me know what I need to do next.

Thanks,

John

Re: Exploit Blackhole Exploit Kit Trojan?
That looks fine now. How is it? I take it you did fix that item found in MBAM.
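The logs above carry three things a reviewer would normally check off before calling the machine clean: the MBAM folder detection that was left at "No action taken", the ComboFix registry dump showing "EnableFirewall"= 0 for the standard profile, and IE and Firefox start/search settings that point at startnow.com rather than the user's chosen search engine. The following Python script is an added example, not part of the original post and not code from Malwarebytes or ComboFix. It parses the plain-text log formats shown in the thread and lists exactly those follow-up items. The allow-list of search domains is an assumption for the demo, the sample log lines are copied (trimmed) from the thread, and the second MBAM sample line is constructed to show a hit that does not need follow-up.

```python
"""Triage helper for the MBAM and ComboFix logs pasted in this thread.

Added example: not code from Malwarebytes or ComboFix. It reports what still
needs a human decision after the scans:
  * MBAM detections whose action column reads "No action taken"
  * the ComboFix registry dump showing the Windows Firewall disabled
  * browser start/search URLs whose host is not on an allow-list
"""
import re
from urllib.parse import urlparse

# Assumption for the demo: hosts equal to, or subdomains of, these are accepted.
ALLOWED_SEARCH_DOMAINS = ("google.com", "bing.com")

# MBAM detection line, e.g.  C:\Ex.CleanI (Trojan.SpyEyes) -> No action taken.
MBAM_DETECTION = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# ComboFix firewall policy value, e.g.  "EnableFirewall"= 0 (0x0)
FIREWALL_VALUE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# ComboFix IE settings: uStart Page, mStart Page, uSearchURL,(Default), ...
IE_SETTING = re.compile(
    r"^(?P<setting>[um]?(?:Start Page|Default_Search_URL|SearchAssistant|"
    r"SearchURL,\(Default\)))\s*=\s*(?P<url>\S+)$"
)
# ComboFix Firefox prefs, e.g.  FF - prefs.js: keyword.URL - hxxp://...
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<setting>[\w.]+) - (?P<url>\S+)$")

# Sample lines from the thread's MBAM log; the demo.exe line is constructed.
SAMPLE_MBAM = r"""
Folders Detected: 1
C:\Ex.CleanI (Trojan.SpyEyes) -> No action taken.

Files Detected: 1
C:\Documents and Settings\JOHN\demo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Sample lines from the thread's ComboFix log, query strings trimmed.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://wwwgoogle.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&q=
"""


def unresolved_detections(mbam_log):
    """Return (path, threat_name) for every MBAM hit that was left in place."""
    hits = []
    for line in mbam_log.splitlines():
        m = MBAM_DETECTION.match(line.strip())
        if m and m.group("action").lower().startswith("no action taken"):
            hits.append((m.group("path"), m.group("name")))
    return hits


def firewall_disabled(combofix_log):
    """True if the ComboFix registry dump shows EnableFirewall set to 0."""
    for line in combofix_log.splitlines():
        m = FIREWALL_VALUE.match(line.strip())
        if m:
            return int(m.group("val")) == 0
    return False


def _host_allowed(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWED_SEARCH_DOMAINS)


def suspect_browser_settings(combofix_log):
    """Return (setting, host) for start/search URLs whose host is off the allow-list.

    ComboFix defangs URLs as hxxp://; the scheme is restored so urlparse works.
    Non-URL values (e.g. selectedEngine - Bing) are skipped.
    """
    flagged = []
    for line in combofix_log.splitlines():
        m = IE_SETTING.match(line.strip()) or FF_PREF.match(line.strip())
        if not m:
            continue
        url = re.sub(r"^hxxp", "http", m.group("url"), flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host is None:
            continue
        if not _host_allowed(host.lower()):
            flagged.append((m.group("setting"), host.lower()))
    return flagged


def triage(mbam_log, combofix_log):
    """Collect every item from both logs that still needs a decision."""
    return {
        "unresolved_detections": unresolved_detections(mbam_log),
        "firewall_disabled": firewall_disabled(combofix_log),
        "suspect_browser_settings": suspect_browser_settings(combofix_log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM, SAMPLE_COMBOFIX).items():
        print(f"{key}: {value}")
```

Run against the thread's own lines it flags the C:\Ex.CleanI detection, the disabled firewall, and three browser settings: both startnow.com entries and the Firefox homepage "wwwgoogle.com", which is not google.com and so fails the allow-list even though it looks like it should pass. The allow-list check matches exact hosts or subdomains only, which is the property that catches that kind of look-alike.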
