need some experts on this!!

I suspect there are trojans on my computer. I scanned with Avira Security Suite, but it didn’t detect them; I then scanned with Malwarebytes’ Anti-Malware, which detected and removed/deleted them. But after a reboot the trojans came back. Here is the HijackThis log.

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Users\John\AppData\Local\Temp\Ujx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\avira\antivir desktop\avcenter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O4 - HKLM..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU..\Run: [Rhdxnyxmng] rundll32 “C:\Users\John\AppData\Roaming\wbadmint.dll”,Aszf
O4 - HKCU..\Run: [EWABQAF7KL] C:\Users\John\AppData\Local\Temp\Ujx.exe
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

Do you have Avast on your machine or are you just posting here?

I guess Avira forum is not that good… ;D

Yes, I used to have the avast Home version, but with the first version of 5.0 I had so many issues with it that I decided to change to Avira; since then everything has been fine.

That’s what I was wondering.
If you don’t have Avast, you really should be addressing your issue with Avira.

I guess Avira forum is not that good… Grin
I agree with you, Avira’s support forum is really bad :-; but their software is really good at detection…

This should have been posted in the " virus and worms " section…so next time :wink:

Follow this guide from Essexboy, and attach the logs in your next reply here
http://forum.avast.com/index.php?topic=53253.0

See the lower left corner: Additional Options > Attach ( MBAM log / OTL.Txt and Extras.Txt )

I agree Pondus, but the OP does not have an Avast product and is posting here. He has avira.

That is the best thing about this forum…everyone gets malware help… ;D

OK… :-*

here is the log…

08:34:55 John MESSAGE Protection started successfully
08:34:58 John MESSAGE IP Protection started successfully
08:50:44 John IP-BLOCK 89.185.229.128
09:12:14 John IP-BLOCK 208.73.210.28
09:33:12 John IP-BLOCK 212.117.164.211
09:33:36 John IP-BLOCK 213.5.64.5
11:58:48 John IP-BLOCK 212.117.164.211
11:58:48 John IP-BLOCK 212.117.164.211
11:58:48 John IP-BLOCK 212.117.164.211
11:58:48 John IP-BLOCK 212.117.164.211
11:58:56 John IP-BLOCK 212.117.164.211
11:58:56 John IP-BLOCK 212.117.164.211
14:40:31 John MESSAGE Protection started successfully
14:40:35 John MESSAGE IP Protection started successfully
14:52:58 John MESSAGE Protection started successfully
14:53:02 John MESSAGE IP Protection started successfully
15:06:50 John MESSAGE Protection started successfully
15:06:53 John MESSAGE IP Protection started successfully
15:50:16 John IP-BLOCK 89.185.229.128
16:02:41 John IP-BLOCK 212.117.164.211
16:02:41 John IP-BLOCK 212.117.164.211
16:02:49 John IP-BLOCK 212.117.164.211
16:21:15 John IP-BLOCK 212.117.164.211
16:21:23 John IP-BLOCK 212.117.164.211
16:40:37 John IP-BLOCK 212.117.164.211
16:40:53 John IP-BLOCK 212.117.164.211
17:47:24 John IP-BLOCK 95.211.99.84
17:47:24 John IP-BLOCK 62.213.100.140
17:50:12 John IP-BLOCK 217.23.9.248
17:53:01 John IP-BLOCK 216.240.146.119
18:07:08 John MESSAGE Protection started successfully
18:07:11 John MESSAGE IP Protection started successfully
18:19:35 John MESSAGE Protection started successfully
18:19:39 John MESSAGE IP Protection started successfully
19:14:42 John MESSAGE Protection started successfully
19:14:45 John MESSAGE IP Protection started successfully
19:18:53 John IP-BLOCK 94.75.228.175
19:18:53 John IP-BLOCK 94.75.228.175
19:28:55 John MESSAGE IP Protection stopped
19:28:55 John MESSAGE IP Protection started successfully
19:29:17 John MESSAGE IP Protection stopped
19:29:18 John MESSAGE IP Protection started successfully
19:35:02 John IP-BLOCK 94.75.228.175
19:35:02 John IP-BLOCK 94.75.228.175
20:29:08 John IP-BLOCK 94.75.228.175
20:29:08 John IP-BLOCK 94.75.228.175
20:30:53 John IP-BLOCK 94.75.228.175
20:30:53 John IP-BLOCK 94.75.228.175
20:49:16 John DETECTION C:\Windows\Tasks{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.JOB Trojan.Downloader QUARANTINE
21:25:01 John DETECTION C:\Windows\Tasks{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.JOB Trojan.Downloader DENY
21:49:29 John DETECTION C:\Windows\Tasks{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.JOB Trojan.Downloader DENY
22:10:24 John MESSAGE Protection started successfully
22:10:28 John MESSAGE IP Protection started successfully

Where is this log from? It doesn’t look like an MBAM scan log as Pondus directed, then OTL if positive.

Besides avira, do you also have mcafee?

That looks like the log list in MBAM, which is not what we want.
We want the scan log, which will show the malware found and removed.

OK, I’m a little confused about the OTL.
And the scan log, isn’t it the list shown after MBAM has finished the scan?

How do I get to the scan log?

It should pop up automatically in a Notepad format. It is the 4th tab over from the left in version 1.46 of MBAM.

Click update so you have latest database before scanning.
· Under Settings:
o General: Automatically Save File After Scan Completes is checked off
o Scanner Settings: Check all boxes
o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform FULL Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts – click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ok i think i get it…i hope this is what you want

OTL logfile created on: 7/6/2010 11:11:16 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\My Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 92.66 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 58.07 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 23:09:54 | 000,574,976 | ---- | M] (OldTimer Tools) – D:\My Downloads\OTL.exe
PRC - [2010/07/06 17:53:23 | 000,163,840 | ---- | M] () – C:\Users\John\AppData\Local\Temp\Ujx.exe
PRC - [2010/06/27 07:56:00 | 000,910,296 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
PRC - [2010/04/19 19:07:27 | 000,536,232 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010/04/19 19:07:27 | 000,405,672 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/19 19:07:27 | 000,337,064 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/19 19:07:27 | 000,267,432 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/25 13:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) – C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/03/25 12:40:50 | 000,135,336 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/03/25 12:40:49 | 000,282,792 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/25 12:40:49 | 000,076,968 | ---- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) – C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\conhost.exe

OK, I think you mean this, but it is too long.

========== Modules (SafeList) ==========

MOD - [2010/07/06 23:09:54 | 000,574,976 | ---- | M] (OldTimer Tools) – D:\My Downloads\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) – C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

Where is the MBAM Full Scan?

Returning to your OP (opening post) and the HijackThis log, JP Martin:

  • You appear to be infected; see the following two entries:

C:\Users\John\AppData\Local\Temp\Ujx.exe

O4 - HKCU..\Run: [EWABQAF7KL] C:\Users\John\AppData\Local\Temp\Ujx.exe

Check this link – http://www.superantispyware.com/malwarefiles/UJX.EXE.html

First I would download and run Superantispyware (SAS) as advised, and that should remove the infection.
Then run another HjT scan and see how you are doing.
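
The check the last reply makes by eye (spotting the `Ujx.exe` Run entry under `AppData\Local\Temp`), as an added example that is not part of the original thread: a small Python triage of HijackThis `O4` autorun lines. The sample lines are copied from the log in the opening post; the function names and path heuristics are assumptions of this example, and a hit means "review manually", not a verdict.

```python
import re

# Sample input: five O4 lines copied from the HijackThis log in this thread
# (typographic quotes left as the forum rendered them).
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU..\Run: [Rhdxnyxmng] rundll32 “C:\Users\John\AppData\Roaming\wbadmint.dll”,Aszf
O4 - HKCU..\Run: [EWABQAF7KL] C:\Users\John\AppData\Local\Temp\Ujx.exe
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
'''

# Accepts both "HKCU..\Run" (as pasted here) and "HKCU\..\Run" (with the
# backslash the forum dropped); also matches RunOnce and similar keys.
O4_RE = re.compile(
    r'^O4 - (?P<hive>[^.\s]+?)\\?\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Forum software often converts ASCII quotes to typographic ones; undo that.
QUOTES = str.maketrans({'\u201c': '"', '\u201d': '"',
                        '\u2018': "'", '\u2019': "'"})

def parse_o4(log_text):
    """Yield (hive, key, value_name, command) for every O4 autorun line."""
    for line in log_text.translate(QUOTES).splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m['hive'], m['key'], m['name'], m['cmd']

def reasons_for(cmd):
    """Return the heuristics an autorun command trips (empty list = none).

    Legitimate software also starts from AppData, so these are prompts
    for manual review only.
    """
    low = cmd.lower()
    hits = []
    if '\\temp\\' in low or '%temp%' in low:
        hits.append('launches from a temp directory')
    elif '\\appdata\\' in low or '%appdata%' in low:
        hits.append('launches from the user profile (AppData)')
    if hits and low.lstrip('"').startswith('rundll32'):
        hits.append('rundll32 loading a DLL from a user-writable path')
    return hits

def triage(log_text):
    """Map 'hive\\key\\value_name' -> reasons for autoruns worth a look."""
    flagged = {}
    for hive, key, name, cmd in parse_o4(log_text):
        hits = reasons_for(cmd)
        if hits:
            flagged[f'{hive}\\{key}\\{name}'] = hits
    return flagged

if __name__ == '__main__':
    for entry, hits in triage(SAMPLE_LOG).items():
        print(entry, '->', '; '.join(hits))
```
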