
Author Topic: Virus help please  (Read 15462 times)


gracette17

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Virus help please
    « on: August 22, 2012, 07:58:10 AM »
    I completed the Computer Hope Virus and Spyware section Guidelines, but don't know where to go from here. Can someone please help me?  :'(


    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Virus help please
    « Reply #1 on: August 22, 2012, 08:46:55 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    gracette17

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Virus help please
      « Reply #2 on: August 22, 2012, 09:06:09 AM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 08/22/2012 at 00:08 AM

      Application Version : 5.5.1012

      Core Rules Database Version : 9099
      Trace Rules Database Version: 6911

      Scan type       : Complete Scan
      Total Scan Time : 01:22:54

      Operating System Information
      Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User

      Memory items scanned      : 738
      Memory threats detected   : 0
      Registry items scanned    : 68666
      Registry threats detected : 0
      File items scanned        : 174230
      File threats detected     : 28

      Adware.Tracking Cookie
         C:\USERS\JESSICA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4XLBD6S7.txt [ Cookie:[email protected]/ ]
         core.insightexpressai.com [ C:\USERS\JESSICA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AJHHCNGJ ]
         account.goodgamestudios.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         art.aim4media.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         cdn.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         cdn2.baronsmedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         click.searchnation.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         convoad.technoratimedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         core.insightexpressai.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         core.saymedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         elitetv.elitedaily.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         ictv-ic-ec.indieclicktv.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         kaltura.hutchmedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media.heavy.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media.mtvnservices.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media.outdoorchannel.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media.scanscout.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media1.break.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         media3.onsugar.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         s0.2mdn.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         secure-uk.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         tag.blutonicmedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         tag.mediashakers.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         video-vcdn.fastclick.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]
         videocdn.pgoamedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YWCU9VTG ]


      Malwarebytes Anti-Malware (Trial) 1.62.0.1300
      www.malwarebytes.org

      Database version: v2012.08.22.03

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Jessica :: JESSICA-PC [administrator]

      Protection: Enabled

      8/22/2012 7:20:34 AM
      mbam-log-2012-08-22 (07-24-50).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 200902
      Time elapsed: 3 minute(s),

      Memory Processes Detected: 1
      C:\Windows\svchost.exe (Trojan.Agent) -> 3244 -> No action taken.

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

      (end)


      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.6.2
      Run by Jessica at 8:24:57 on 2012-08-22
      Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3836.2408 [GMT -5:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\Hpservice.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Windows\SysWOW64\atashost.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
      C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
      C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\taskeng.exe
      c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
      C:\Program Files\Common Files\Motive\pcCMService.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
      C:\Program Files\IDT\WDM\sttray64.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Comcast\pcTrayApp.exe
      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
      C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      C:\Windows\system32\RunDll32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\msiexec.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Apoint2K\ApMsgFwd.exe
      c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      c:\Program Files\Microsoft Security Client\MpCmdRun.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
      -netsvcs
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.yahoo.com/?ilc=1
      mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzuzyyCyE0C0EyD0AyCzytC0D0CyC0E0E0BtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=786326725
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
      mWinlogon: Userinit=userinit.exe,
      BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      {555d4d79-4bd2-4094-a395-cfc534424a05}
      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
      mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
      mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun: [<NO NAME>]
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
      DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
      TCP: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{B1940042-13FB-4B9B-BFC8-8637A30C2559} : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{B1940042-13FB-4B9B-BFC8-8637A30C2559}\462797D6F62756164747 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{B1940042-13FB-4B9B-BFC8-8637A30C2559}\A55696475627 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{B1940042-13FB-4B9B-BFC8-8637A30C2559}\C495B494E435 : DhcpNameServer = 10.0.0.1
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
      Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
      Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
      BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
      BHO-X64:     0x1 - No File
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64:     AcroIEHelperStub - No File
      BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
      TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
      TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
      mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
      mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
      mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun-x64: [(Default)]
      mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
      R1 MpKsl0bf3a194;MpKsl0bf3a194;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2234C496-2251-4B97-9316-528E0BE279FC}\MpKsl0bf3a194.sys [2012-8-22 35664]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
      R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
      R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
      R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-3-8 134456]
      R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
      R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
      R2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
      R2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
      R2 MSSQL$XACTWARE;SQL Server (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
      R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-5-31 361472]
      R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-5-31 441344]
      R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-1-10 1248256]
      R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-12-25 228408]
      R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
      S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]
      S2 MSSQL$ACT7;SQL Server (ACT7);"C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" -sACT7 --> C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [?]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]
      S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
      S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
      S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
      S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
      S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
      S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
      S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
      S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
      S4 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]
      S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
      S4 SQLAgent$ACT7;SQL Server Agent (ACT7);"C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE" -i ACT7 --> C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [?]
      S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
      .
      =============== Created Last 30 ================
      .
      2012-08-22 13:23:20   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2234C496-2251-4B97-9316-528E0BE279FC}\offreg.dll
      2012-08-22 13:22:56   35664   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2234C496-2251-4B97-9316-528E0BE279FC}\MpKsl0bf3a194.sys
      2012-08-22 12:55:44   821736   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
      2012-08-22 12:55:33   95208   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2012-08-22 12:48:13   20480   ----a-w-   C:\Windows\svchost.exe
      2012-08-22 03:40:54   --------   d-----w-   C:\Users\Jessica\AppData\Roaming\SUPERAntiSpyware.com
      2012-08-22 03:40:46   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
      2012-08-22 03:40:46   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
      2012-08-22 03:25:42   --------   d-----w-   C:\Program Files\CCleaner
      2012-08-21 16:56:25   9309624   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2234C496-2251-4B97-9316-528E0BE279FC}\mpengine.dll
      2012-08-20 22:36:43   --------   d-----w-   C:\Windows\Microsoft Antimalware
      2012-08-20 18:47:54   --------   d-----w-   C:\Users\Jessica\AppData\Roaming\Malwarebytes
      2012-08-20 18:47:33   --------   d-----w-   C:\ProgramData\Malwarebytes
      2012-08-20 18:47:32   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
      2012-08-20 18:47:32   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2012-08-20 16:49:03   9133488   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-08-20 01:34:25   --------   d-----w-   C:\Program Files (x86)\Emsisoft Anti-Malware
      2012-08-20 00:17:35   --------   d-sh--w-   C:\Windows\SysWow64\%APPDATA%
      2012-08-14 22:42:20   751104   ----a-w-   C:\Windows\System32\win32spl.dll
      2012-08-14 22:42:19   67072   ----a-w-   C:\Windows\splwow64.exe
      2012-08-14 22:42:19   559104   ----a-w-   C:\Windows\System32\spoolsv.exe
      2012-08-14 22:42:19   492032   ----a-w-   C:\Windows\SysWow64\win32spl.dll
      2012-08-14 20:38:58   503808   ----a-w-   C:\Windows\System32\srcore.dll
      2012-08-14 20:38:58   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
      2012-08-14 20:38:54   59392   ----a-w-   C:\Windows\System32\browcli.dll
      2012-08-14 20:38:54   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
      2012-08-14 20:38:54   136704   ----a-w-   C:\Windows\System32\browser.dll
      2012-08-14 20:38:52   3148800   ----a-w-   C:\Windows\System32\win32k.sys
      2012-08-14 20:38:51   956928   ----a-w-   C:\Windows\System32\localspl.dll
      .
      ==================== Find3M  ====================
      .
      2012-08-22 12:55:20   746984   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
      2012-08-14 23:21:13   70344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-08-14 23:21:13   426184   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
      2012-06-29 03:56:34   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
      2012-06-29 03:49:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
      2012-06-29 03:48:07   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
      2012-06-29 03:43:49   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
      2012-06-29 03:39:48   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
      2012-06-29 00:16:58   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
      2012-06-29 00:09:01   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
      2012-06-29 00:08:59   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
      2012-06-29 00:04:43   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
      2012-06-29 00:00:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
      2012-06-07 01:59:42   1070152   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
      2012-06-06 06:06:16   2004480   ----a-w-   C:\Windows\System32\msxml6.dll
      2012-06-06 06:06:16   1881600   ----a-w-   C:\Windows\System32\msxml3.dll
      2012-06-06 06:02:54   1133568   ----a-w-   C:\Windows\System32\cdosys.dll
      2012-06-06 05:05:52   1390080   ----a-w-   C:\Windows\SysWow64\msxml6.dll
      2012-06-06 05:05:52   1236992   ----a-w-   C:\Windows\SysWow64\msxml3.dll
      2012-06-06 05:03:06   805376   ----a-w-   C:\Windows\SysWow64\cdosys.dll
      2012-06-02 22:15:31   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
      2012-06-02 22:15:08   99840   ----a-w-   C:\Windows\System32\wudriver.dll
      2012-06-02 20:19:42   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
      2012-06-02 20:15:12   36864   ----a-w-   C:\Windows\System32\wuapp.exe
      2012-06-02 05:50:10   458704   ----a-w-   C:\Windows\System32\drivers\cng.sys
      2012-06-02 05:48:16   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
      2012-06-02 05:48:16   151920   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
      2012-06-02 05:45:31   340992   ----a-w-   C:\Windows\System32\schannel.dll
      2012-06-02 05:44:21   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
      2012-06-02 04:40:42   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
      2012-06-02 04:40:39   225280   ----a-w-   C:\Windows\SysWow64\schannel.dll
      2012-06-02 04:39:10   219136   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
      2012-06-02 04:34:09   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
      2012-05-31 17:25:12   279656   ------w-   C:\Windows\System32\MpSigStub.exe
      .
      ============= FINISH:  8:26:34.94 ===============


      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows 7 Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 12/25/2011 6:02:23 PM
      System Uptime: 8/22/2012 8:22:33 AM (0 hours ago)
      .
      Motherboard: Hewlett-Packard |  | 3642
      Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 2300/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 283 GiB total, 222.32 GiB free.
      D: is FIXED (NTFS) - 15 GiB total, 2.51 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP163: 8/15/2012 3:00:24 AM - Windows Update
      RP164: 8/19/2012 6:03:32 PM - Windows Update
      RP165: 8/20/2012 7:58:50 AM - Windows Update
      RP166: 8/20/2012 2:07:59 PM - Removed Skype™ 5.8
      RP167: 8/20/2012 2:08:55 PM - Removed Skype Click to Call
      RP168: 8/20/2012 3:24:14 PM - Removed AutoCAD 2004
      RP169: 8/20/2012 3:26:30 PM - Removed AutoCAD Express Tools Volumes 1-9
      RP170: 8/22/2012 7:54:51 AM - Installed Java 7 Update 6
      RP171: 8/22/2012 8:04:10 AM - Removed Java(TM) 6 Update 30
      .
      ==== Installed Programs ======================
      .
       Update for Microsoft Office 2007 (KB2508958)
      ActiveCheck component for HP Active Support Library
      Adobe AIR
      Adobe Flash Player 11 ActiveX
      Adobe Reader X (10.1.4)
      AIO_CDB_ProductContext
      AIO_CDB_Software
      AIO_Scan
      AMD USB Filter Driver
      Apple Application Support
      Apple Software Update
      Atheros Driver Installation Program
      Avidian Prophet
      Bing Rewards Client Installer
      BufferChm
      Catalyst Control Center - Branding
      Catalyst Control Center Core Implementation
      Catalyst Control Center Graphics Full Existing
      Catalyst Control Center Graphics Full New
      Catalyst Control Center Graphics Light
      Catalyst Control Center Graphics Previews Common
      Catalyst Control Center Graphics Previews Vista
      Catalyst Control Center InstallProxy
      Catalyst Control Center Localization All
      ccc-core-static
      CCC Help Chinese Standard
      CCC Help Chinese Traditional
      CCC Help Czech
      CCC Help Danish
      CCC Help Dutch
      CCC Help English
      CCC Help Finnish
      CCC Help French
      CCC Help German
      CCC Help Greek
      CCC Help Hungarian
      CCC Help Italian
      CCC Help Japanese
      CCC Help Korean
      CCC Help Norwegian
      CCC Help Polish
      CCC Help Portuguese
      CCC Help Russian
      CCC Help Spanish
      CCC Help Swedish
      CCC Help Thai
      CCC Help Turkish
      Cisco WebEx Meetings
      Coupon Printer for Windows
      DVD Menu Pack for HP MediaSmart Video
      Easy Solve
      Fax
      Google Chrome
      Google Toolbar for Internet Explorer
      Google Update Helper
      HP Customer Experience Enhancements
      HP Deskjet 3050A J611 series Help
      HP MediaSmart DVD
      HP MediaSmart Internet TV
      HP MediaSmart Live TV
      HP MediaSmart Music/Photo/Video
      HP MediaSmart SlingPlayer
      HP MediaSmart Webcam
      HP Photo Creations
      HP Quick Launch Buttons
      HP Support Assistant
      HP Update
      HP Wireless Assistant
      HPAsset component for HP Active Support Library
      IDT Audio
      Java 7 Update 6
      Java Auto Updater
      JMicron Flash Media Controller Driver
      LightScribe System Software
      LogMeIn Hamachi
      Malwarebytes Anti-Malware version 1.62.0.1300
      Microsoft Office 2007 Primary Interop Assemblies
      Microsoft Office 2007 Service Pack 3 (SP3)
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Enterprise 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office Groove MUI (English) 2007
      Microsoft Office Groove Setup Metadata MUI (English) 2007
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Report Viewer Redistributable 2005
      Microsoft SQL Server 2005
      Microsoft SQL Server 2005 (PROPHETSQL)
      Microsoft SQL Server 2008
      Microsoft SQL Server 2008 Common Files
      Microsoft SQL Server 2008 Database Engine Services
      Microsoft SQL Server 2008 Database Engine Shared
      Microsoft SQL Server 2008 RsFx Driver
      Microsoft SQL Server 2008 Setup Support Files
      Microsoft SQL Server Setup Support Files (English)
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual Studio 2005 Tools for Office Runtime
      Movie Theme Pack for HP MediaSmart Video
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 4.0 SP2 Parser and SDK
      PDFlite 0.7
      QB Connection Diagnostic Tool
      QLBCASL
      QuickBooks
      QuickBooks Premier: Contractor Edition 2012
      Realtek 8136 8168 8169 Ethernet Driver
      Recovery Manager
      Scan
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
      Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
      Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
      Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
      Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
      Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
      Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
      Service Pack 3 for SQL Server 2008 (KB2546951)
      Sql Server Customer Experience Improvement Program
      Toolbox
      UnloadSupport
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
      Update for Microsoft .NET Framework 4 Extended (KB2468871)
      Update for Microsoft .NET Framework 4 Extended (KB2533523)
      Update for Microsoft .NET Framework 4 Extended (KB2600217)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office Access 2007 Help (KB963663)
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office Infopath 2007 Help (KB963662)
      Update for Microsoft Office OneNote 2007 Help (KB963670)
      Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
      Update for Microsoft Office Outlook 2007 Help (KB963677)
      Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Publisher 2007 Help (KB963667)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      WebReg
      Xactimate 27
      Yahoo! Toolbar
      .
      ==== Event Viewer Messages From Past Week ========
      .
      8/22/2012 8:24:18 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/22/2012 8:22:57 AM, Error: Service Control Manager [7000]  - The SQL Server (ACT7) service failed to start due to the following error:  The system cannot find the file specified.
      8/22/2012 8:22:50 AM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
      8/22/2012 7:51:10 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/22/2012 7:48:14 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/22/2012 3:51:32 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
      8/22/2012 3:51:32 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
      8/22/2012 3:50:13 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/21/2012 7:57:12 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/21/2012 3:11:44 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/21/2012 12:23:16 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/21/2012 11:36:06 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/21/2012 10:21:20 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Jessica-PC\Jessica SID (S-1-5-21-3059629058-3867583790-3276415583-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
      8/21/2012 10:21:20 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Jessica-PC\Jessica SID (S-1-5-21-3059629058-3867583790-3276415583-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
      8/21/2012 10:04:41 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/21/2012 10:02:15 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/21/2012 1:21:49 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/21/2012 1:13:49 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
      8/20/2012 7:49:25 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2244.0, AS: 1.131.2244.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/20/2012 7:47:58 AM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.     Signatures Attempted: Current     Error Code: 0x80070002     Error description: The system cannot find the file specified.      Signature version: 1.131.2244.0;1.131.2244.0     Engine version: 1.1.8601.0
      8/20/2012 4:11:10 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/20/2012 3:01:33 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/20/2012 2:52:27 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/20/2012 2:51:48 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DRYMORE-SERVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30306E14-8849-40AC-BEFE-5601274236C9}. The master browser is stopping or an election is being forced.
      8/20/2012 2:31:52 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
      8/20/2012 2:31:48 PM, Error: Service Control Manager [7038]  - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
      8/20/2012 2:31:48 PM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The service did not start due to a logon failure.
      8/20/2012 2:27:49 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949     Name: Trojan:DOS/Alureon.A     ID: 2147636949     Severity: Severe     Category: Trojan     Path: rootkit:_Alureon->Mbr::Alureon     Detection Origin: Unknown     Detection Type: Concrete     Detection Source: System     User: NT AUTHORITY\SYSTEM     Process Name: Unknown     Action: Quarantine     Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.     To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.      Error Code: 0x80070032     Error description: The request is not supported.      Signature Version: AV: 1.131.2388.0, AS: 1.131.2388.0, NIS: 11.159.0.0     Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
      8/20/2012 2:04:3
      « Last Edit: August 22, 2012, 01:15:20 PM by SuperDave »

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Virus help please
      « Reply #3 on: August 22, 2012, 01:19:02 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Please run MBAM again and, this time, make sure all the infections are checked and click Remove Selected.

      Download Combofix from any of the links below, and save it to your DESKTOP

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:


      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:



      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.



      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
      Windows 8 and Windows 10 dual boot with two SSD's

      gracette17

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Virus help please
        « Reply #4 on: August 22, 2012, 05:49:18 PM »
        ComboFix 12-08-22.03 - Jessica 08/22/2012  17:40:44.1.2 - x64
        Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3836.1954 [GMT -5:00]
        Running from: c:\users\Jessica\Desktop\Downloads\ComboFix.exe
        AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
        SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\programdata\32122199911
        c:\programdata\9BC2310A49.sys
        c:\programdata\F4357F7629.sys
        c:\users\Jessica\AppData\Local\Temp\{086AA8C3-561B-4B99-9FEE-EBBDC5CAF325}\fpb.tmp
        c:\users\Jessica\Documents\ShopToWin
        c:\windows\svchost.exe
        .
        .
        (((((((((((((((((((((((((   Files Created from 2012-07-22 to 2012-08-22  )))))))))))))))))))))))))))))))
        .
        .
        2012-08-22 23:14 . 2012-08-01 22:58   9309624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42461E02-ECE2-4506-9C08-C7943EB2FFC7}\mpengine.dll
        2012-08-22 23:00 . 2012-08-22 23:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2012-08-22 13:01 . 2012-08-22 13:01   --------   d-----w-   c:\program files (x86)\Common Files\Java
        2012-08-22 12:55 . 2012-08-22 12:55   821736   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
        2012-08-22 12:55 . 2012-08-22 12:55   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
        2012-08-22 12:54 . 2012-08-22 12:54   --------   d-----w-   c:\programdata\McAfee
        2012-08-22 03:40 . 2012-08-22 03:40   --------   d-----w-   c:\users\Jessica\AppData\Roaming\SUPERAntiSpyware.com
        2012-08-22 03:40 . 2012-08-22 03:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2012-08-22 03:40 . 2012-08-22 03:40   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2012-08-22 03:25 . 2012-08-22 03:25   --------   d-----w-   c:\program files\CCleaner
        2012-08-21 16:56 . 2012-08-01 22:58   9309624   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
        2012-08-20 22:36 . 2012-08-22 02:15   --------   d-----w-   c:\windows\Microsoft Antimalware
        2012-08-20 18:47 . 2012-08-20 18:47   --------   d-----w-   c:\users\Jessica\AppData\Roaming\Malwarebytes
        2012-08-20 18:47 . 2012-08-20 18:47   --------   d-----w-   c:\programdata\Malwarebytes
        2012-08-20 18:47 . 2012-08-20 18:47   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
        2012-08-20 18:47 . 2012-07-03 18:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-08-20 01:34 . 2012-08-20 15:45   --------   d-----w-   c:\program files (x86)\Emsisoft Anti-Malware
        2012-08-20 00:17 . 2012-08-20 00:17   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
        2012-08-14 22:42 . 2012-02-11 06:43   751104   ----a-w-   c:\windows\system32\win32spl.dll
        2012-08-14 22:42 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
        2012-08-14 22:42 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
        2012-08-14 22:42 . 2012-02-11 05:43   492032   ----a-w-   c:\windows\SysWow64\win32spl.dll
        2012-08-14 20:38 . 2012-05-05 08:36   503808   ----a-w-   c:\windows\system32\srcore.dll
        2012-08-14 20:38 . 2012-05-05 07:46   43008   ----a-w-   c:\windows\SysWow64\srclient.dll
        2012-08-14 20:38 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
        2012-08-14 20:38 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
        2012-08-14 20:38 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
        2012-08-14 20:38 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
        2012-08-14 20:38 . 2012-07-18 18:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
        2012-08-14 20:38 . 2012-05-14 05:26   956928   ----a-w-   c:\windows\system32\localspl.dll
        2012-08-12 21:47 . 2012-08-12 21:47   --------   d-----w-   c:\windows\Sun
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-08-22 12:55 . 2012-02-01 05:05   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
        2012-08-15 08:00 . 2011-12-26 01:45   62134624   ----a-w-   c:\windows\system32\MRT.exe
        2012-08-14 23:21 . 2012-05-17 18:58   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
        2012-08-14 23:21 . 2012-01-16 21:11   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-06-09 05:43 . 2012-07-11 21:14   14172672   ----a-w-   c:\windows\system32\shell32.dll
        2012-06-07 01:59 . 2012-06-07 01:59   1070152   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
        2012-06-06 06:06 . 2012-07-11 21:14   2004480   ----a-w-   c:\windows\system32\msxml6.dll
        2012-06-06 06:06 . 2012-07-11 21:14   1881600   ----a-w-   c:\windows\system32\msxml3.dll
        2012-06-06 06:02 . 2012-07-11 21:14   1133568   ----a-w-   c:\windows\system32\cdosys.dll
        2012-06-06 05:05 . 2012-07-11 21:14   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
        2012-06-06 05:05 . 2012-07-11 21:14   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
        2012-06-06 05:03 . 2012-07-11 21:14   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
        2012-06-02 22:19 . 2012-06-22 10:49   38424   ----a-w-   c:\windows\system32\wups.dll
        2012-06-02 22:19 . 2012-06-22 10:50   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
        2012-06-02 22:19 . 2012-06-22 10:50   57880   ----a-w-   c:\windows\system32\wuauclt.exe
        2012-06-02 22:19 . 2012-06-22 10:50   44056   ----a-w-   c:\windows\system32\wups2.dll
        2012-06-02 22:19 . 2012-06-22 10:49   701976   ----a-w-   c:\windows\system32\wuapi.dll
        2012-06-02 22:15 . 2012-06-22 10:50   2622464   ----a-w-   c:\windows\system32\wucltux.dll
        2012-06-02 22:15 . 2012-06-22 10:49   99840   ----a-w-   c:\windows\system32\wudriver.dll
        2012-06-02 20:19 . 2012-06-22 10:49   186752   ----a-w-   c:\windows\system32\wuwebv.dll
        2012-06-02 20:15 . 2012-06-22 10:49   36864   ----a-w-   c:\windows\system32\wuapp.exe
        2012-06-02 05:50 . 2012-07-11 21:14   458704   ----a-w-   c:\windows\system32\drivers\cng.sys
        2012-06-02 05:48 . 2012-07-11 21:14   151920   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
        2012-06-02 05:48 . 2012-07-11 21:14   95600   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
        2012-06-02 05:45 . 2012-07-11 21:14   340992   ----a-w-   c:\windows\system32\schannel.dll
        2012-06-02 05:44 . 2012-07-11 21:14   307200   ----a-w-   c:\windows\system32\ncrypt.dll
        2012-06-02 04:40 . 2012-07-11 21:14   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
        2012-06-02 04:40 . 2012-07-11 21:14   225280   ----a-w-   c:\windows\SysWow64\schannel.dll
        2012-06-02 04:39 . 2012-07-11 21:14   219136   ----a-w-   c:\windows\SysWow64\ncrypt.dll
        2012-06-02 04:34 . 2012-07-11 21:14   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
        2012-05-31 17:25 . 2011-12-26 00:23   279656   ------w-   c:\windows\system32\MpSigStub.exe
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
        "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
        "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
        "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
        "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
        "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
        "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
        "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
        "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-02-11 2260312]
        "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
        "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
        "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
        "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
        .
        c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
        .
        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
        QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
        QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-6-5 1181584]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 0 (0x0)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"
        .
        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
        R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 136176]
        R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe

        R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
        R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
        R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 136176]
        R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
        R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
        R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
        R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
        R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
        R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
        R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
        R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
        R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
        R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2012-01-10 679936]
        R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
        R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE

        R4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
        S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
        S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
        S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
        S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
        S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
        S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-03-08 134456]
        S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
        S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
        S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
        S2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
        S2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
        S2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328]
        S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
        S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
        S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-01-10 1248256]
        S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
        S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
        S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
        S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
        S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
        .
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - MPKSL6C496F31
        *NewlyCreated* - WS2IFSL
        *Deregistered* - MpKsl6c496f31
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        2009-08-20 21:24   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 23:21]
        .
        2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 19:06]
        .
        2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 19:06]
        .
        2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059629058-3867583790-3276415583-1000Core.job
        - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 01:23]
        .
        2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059629058-3867583790-3276415583-1000UA.job
        - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 01:23]
        .
        2012-08-22 c:\windows\Tasks\HP Photo Creations Messager.job
        - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
        .
        .
        --------- X64 Entries -----------
        .
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
        "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
        "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
        "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
        "Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "LoadAppInit_DLLs"=0x0
        .
        ------- Supplementary Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uStart Page = hxxp://www.yahoo.com/?ilc=1
        mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzuzyyCyE0C0EyD0Ay
        CzytC0D0CyC0E0E0BtN0D0Tzu0CtCzyzztN1L2X zutBtFtCtFtDtFtAtDtC&cr=786326725
        mLocal Page = c:\windows\SysWOW64\blank.htm
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
        TCP: DhcpNameServer = 192.168.1.1
        Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
        .
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$PROPHETSQL]
        "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:PROPHETSQL"
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
        @Denied: (2) (LocalSystem)
        .
        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
        @Denied: (2) (LocalSystem)
        "Timestamp"=hex:c8,ae,8d,24,e4,70,cd,01
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Shockwave Flash Object"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
        @="0"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
        @="ShockwaveFlash.ShockwaveFlash.11"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="ShockwaveFlash.ShockwaveFlash"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Macromedia Flash Factory Object"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
        @="FlashFactory.FlashFactory.1"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="FlashFactory.FlashFactory"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
        @Denied: (A) (Everyone)
        "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
        .
        [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
        @Denied: (A) (Everyone)
        .
        [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
        "Key"="ActionsPane"
        "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
        c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
        c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
        c:\\.\globalroot\systemroot\svchost.exe
        c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
        .
        **************************************************************************
        .
        Completion time: 2012-08-22  18:38:27 - machine was rebooted
        ComboFix-quarantined-files.txt  2012-08-22 23:38
        .
        Pre-Run: 237,357,813,760 bytes free
        Post-Run: 237,463,998,464 bytes free
        .
        - - End Of File - - A5246B905A8613F07DC39CA306AAEF69
        « Last Edit: August 23, 2012, 04:24:22 PM by SuperDave »

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Virus help please
        « Reply #5 on: August 23, 2012, 04:28:13 PM »
        Please download aswMBR.exe ( 511KB ) to your desktop.

        Double click the aswMBR.exe to run it.

        Click the "Scan" button to start the scan.

        Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

        On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
        ******************************************************
        Please download Rooter and Save it to your desktop.
        • Double click it to start the tool. On Vista and Windows 7, run as administrator.
        • Click Scan.
        • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        gracette17

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Virus help please
          « Reply #6 on: August 23, 2012, 07:07:20 PM »
          When I tried to start aswMBR, it's saying.... This application can use the Avast! Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast! virus definitions?

          Should I do this?

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Virus help please
          « Reply #7 on: August 24, 2012, 04:41:42 PM »
          > When I tried to start aswMBR, it's saying.... This application can use the Avast! Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast! virus definitions?
          >
          > Should I do this?

          Yes, Please.
          Windows 8 and Windows 10 dual boot with two SSD's

          gracette17

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Virus help please
            « Reply #8 on: August 26, 2012, 04:11:28 PM »
            ok, doing it now

            gracette17

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Virus help please
              « Reply #9 on: August 27, 2012, 09:41:55 AM »
              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-08-27 10:08:30
              -----------------------------
              10:08:30.681    OS Version: Windows x64 6.1.7601 Service Pack 1
              10:08:30.681    Number of processors: 2 586 0x602
              10:08:30.682    ComputerName: JESSICA-PC  UserName: Jessica
              10:08:33.572    Initialize success
              10:37:42.054    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
              10:37:42.070    Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
              10:37:42.070    Device \Driver\atapi -> MajorFunction fffffa80047d05e8
              10:37:42.070    Disk 0 MBR read successfully
              10:37:42.085    Disk 0 MBR scan
              10:37:42.085    Disk 0 unknown MBR code
              10:37:42.085    Disk 0 MBR hidden
              10:37:42.101    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
              10:37:42.117    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       289291 MB offset 409600
              10:37:42.179    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15650 MB offset 592877568
              10:37:42.210    Disk 0 scanning C:\Windows\system32\drivers
              10:37:48.123    Service scanning
              10:38:03.629    Modules scanning
              10:38:03.660    Disk 0 trace - called modules:
              10:38:04.175    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys >>UNKNOWN [0xfffffa80047d05e8]<<
              10:38:04.175    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004332790]
              10:38:04.175    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004332040]
              10:38:04.191    5 hpdskflt.sys[fffff88001988289] -> nt!IofCallDriver -> [0xfffffa80042b2e40]
              10:38:04.191    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042af060]
              10:38:04.191    \Driver\atapi[0xfffffa8004718060] -> IRP_MJ_CREATE -> 0xfffffa80047d05e8
              10:38:04.206    Scan finished successfully
              10:39:41.738    Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
              10:39:41.738    The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.txt"



              Rooter.exe (v1.0.2) by Eric_71
              .
              The token does not have the SeDebugPrivilege privilege ! (error:1300)
              Can not acquire SeDebugPrivilege !
              Please run the tool as administrator ..

              .
              Windows 7 . (6.1.7601) Service Pack 1
              [32_bits] - AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
              .
              Error OpenService (wscsvc) : 6
              Error OpenSCManager : 5
              Error OpenService (MpsSvc) : 6
              Windows Defender -> Enabled
              User Account Control (UAC) -> Enabled
              .
              Internet Explorer 9.0.8112.16421
              .
              C:\  [Fixed-NTFS] .. ( Total:282 Go - Free:223 Go )
              D:\  [Fixed-NTFS] .. ( Total:15 Go - Free:2 Go )
              E:\  [CD_Rom]
              F:\  [Fixed-FAT32] .. ( Total:0 Go - Free:0 Go )
              Z:\  [Network] .. ( Total:1849 Go - Free:1823 Go )
              .
              Scan : 10:40.36
              Path : C:\Users\Jessica\Desktop\Rooter.exe
              User : Jessica ( Administrator -> YES )
              .
              ----------------------\\ Processes
              .
              Locked [System Process] (0)
              Locked System (4)
              Locked smss.exe (268)
              Locked csrss.exe (380)
              Locked wininit.exe (448)
              Locked csrss.exe (464)
              Locked services.exe (512)
              Locked lsass.exe (528)
              Locked lsm.exe (536)
              Locked svchost.exe (672)
              Locked svchost.exe (752)
              Locked MsMpEng.exe (804)
              Locked winlogon.exe (820)
              Locked atiesrxx.exe (884)
              Locked svchost.exe (932)
              Locked svchost.exe (988)
              Locked svchost.exe (1020)
              Locked stacsv64.exe (396)
              Locked svchost.exe (1272)
              Locked hpservice.exe (1340)
              Locked atieclxx.exe (1348)
              Locked svchost.exe (1472)
              Locked spoolsv.exe (1620)
              Locked svchost.exe (1672)
              Locked SASCore64.exe (1780)
              Locked armsvc.exe (1832)
              Locked AESTSr64.exe (1856)
              Locked AppleMobileDeviceService.exe (1888)
              Locked atashost.exe (1952)
              Locked mDNSResponder.exe (1988)
              Locked svchost.exe (2028)
              Locked hamachi-2.exe (1112)
              Locked svchost.exe (1084)
              Locked LSSrvc.exe (1200)
              Locked msftesql.exe (312)
              Locked sqlservr.exe (1264)
              Locked sqlservr.exe (2132)
              Locked svchost.exe (2244)
              Locked pcCMService.exe (2304)
              Locked pcCMService.exe (2396)
              ______ ?????????? (2492)
              Locked svchost.exe (2704)
              Locked QBCFMonitorService.exe (2740)
              ______ ?????????? (2800)
              ______ ?????????? (2824)
              Locked QBIDPService.exe (2988)
              ______ ?????????? (3028)
              ______ ?????????? (3040)
              ______ ?????????? (3052)
              ______ ?????????? (2684)
              ______ ?????????? (2816)
              Locked sqlbrowser.exe (2960)
              Locked sqlwriter.exe (3132)
              Locked svchost.exe (3220)
              ______ C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (3284)
              ______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (3520)
              ______ C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (3556)
              ______ ?????????? (3680)
              ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3712)
              ______ C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (3800)
              ______ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (3828)
              ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3836)
              ______ ?????????? (4040)
              Locked iPodService.exe (3100)
              Locked SearchIndexer.exe (1728)
              Locked hpqWmiEx.exe (4404)
              Locked wmpnetwk.exe (4892)
              Locked ApMsgFwd.exe (4924)
              Locked WmiPrvSE.exe (4948)
              ______ ?????????? (4956)
              ______ ?????????? (4972)
              Locked Com4QLBEx.exe (4136)
              Locked svchost.exe (4944)
              ______ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (6020)
              ______ C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (4752)
              ______ ?????????? (3620)
              ______ ?????????? (4796)
              Locked HPHC_Service.exe (3992)
              Locked mbamservice.exe (3436)
              Locked svchost.exe (2212)
              Locked PresentationFontCache.exe (160052)
              Locked svchost.exe (167664)
              Locked conhost.exe (167028)
              ______ C:\Program Files (x86)\Comcast\pcBrowser.exe (182956)
              Locked aswMBR.exe (183708)
              Locked SearchProtocolHost.exe (187164)
              Locked audiodg.exe (181392)
              Locked SearchFilterHost.exe (184064)
              ______ C:\Users\Jessica\Desktop\Rooter.exe (186040)
              ______ ?????????? (186904)
              .
              ----------------------\\ Device\Harddisk0\
              .
              \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
              .
              \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
              \Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:303343599616)
              \Device\Harddisk0\Partition3 (Start_Offset:303553314816 | Length:16410214400)
              \Device\Harddisk0\Partition4 (Start_Offset:319963529216 | Length:108355584)
              .
              ----------------------\\ Scheduled Tasks
              .
              C:\Windows\Tasks\Adobe Flash Player Updater.job
              C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
              C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
              C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059629058-3867583790-3276415583-1000Core.job
              C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059629058-3867583790-3276415583-1000UA.job
              C:\Windows\Tasks\HP Photo Creations Messager.job
              C:\Windows\Tasks\SA.DAT
              C:\Windows\Tasks\SCHEDLGU.TXT
              .
              ----------------------\\ Registry
              .
              .
              ----------------------\\ Files & Folders
              .
              ----------------------\\ Scan completed at 10:40.47
              .
              C:\Rooter$\Rooter_1.txt - (27/08/2012 | 10:40.47)


              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Virus help please
              « Reply #10 on: August 27, 2012, 04:20:26 PM »
              We need to fix the infection found with aswMBR now.

              • Double click aswMBR.exe to run it like before
              • Once the scan finishes click Fix to remove the infection as illustrated below
              • Once the scan finishes click Save log to save the log to your Desktop
              • Copy and paste the contents of aswMBR.txt back here for review
              Windows 8 and Windows 10 dual boot with two SSD's

              gracette17

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Virus help please
                « Reply #11 on: August 27, 2012, 08:05:59 PM »
                I just tried to run that again and in the middle of it my computer just shut down. Some box popped up, but I wasn't able to read it fast enough before my computer turned off and now it won't come back on.

                Any suggestions?  :'(

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Virus help please
                « Reply #12 on: August 28, 2012, 04:41:08 PM »
                > I just tried to run that again and in the middle of it my computer just shut down. Some box popped up, but I wasn't able to read it fast enough before my computer turned off and now it won't come back on.
                >
                > Any suggestions?  :'(

                What happens when you try to boot?
                Windows 8 and Windows 10 dual boot with two SSD's

                gracette17

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Virus help please
                  « Reply #13 on: August 28, 2012, 06:24:58 PM »
                  There is a light on the front of the laptop that just blinks once. If I hold down the power button, the light continuously blinks. (not fast, just blinks)

                  gracette17

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Virus help please
                    « Reply #14 on: August 28, 2012, 07:37:54 PM »
                    I just tried it again and it turned back on. I chose to open in safe mode... should I run aswMBR?