
Author Topic: cycbot removal = internet loss  (Read 18656 times)


washingmachine

    Topic Starter


    Rookie

  • Experience: Beginner
  • OS: Unknown
cycbot removal = internet loss
« on: February 19, 2012, 12:31:14 AM »
I removed a cycbot from my wife's laptop along with eliminating an F16.exe.  I used mbam but after I deleted the infected files and rebooted the laptop I no longer can access the internet.  The connection says everything is ok but it still will not connect.  Any ideas as to why this is happening would be greatly appreciated.
Also, I checked the internet status of my cpu and it is under the name a for my wireless name, where my wife's laptop is connected to a2.  Not sure if this makes any difference but thought i would mention it.

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: cycbot removal = internet loss
« Reply #1 on: February 19, 2012, 11:32:21 AM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size
    Click Go and copy/paste the log (Result.txt) into your next post.
    Windows 8 and Windows 10 dual boot with two SSD's

    washingmachine

      Topic Starter


      Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: cycbot removal = internet loss
    « Reply #2 on: February 19, 2012, 11:58:56 PM »
    After running MiniToolBox on my wife's laptop the internet is up and running and there seems to be no malicious bugs anymore.  Thank you very much SuperDave.  I did not post all the MiniToolBox info yet but if you feel it still needs to be done I can do that.  You guys have been a great help to me with any cpu questions I have, again Thank You.

    washingmachine

      Topic Starter


      Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: cycbot removal = internet loss
    « Reply #3 on: February 20, 2012, 11:11:43 AM »
    Here is the MiniToolBox info.

    MiniToolBox by Farbar  Version: 18-01-2012
    Ran by Invisigoth (administrator) on 19-02-2012 at 21:45:13
    Microsoft Windows 7 Home Premium   (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is enabled.
    ProxyServer: http=127.0.0.1:56909

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================



    ========================= IP Configuration: ================================

    Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
    Intel(R) WiFi Link 1000 BGN = Wireless Network Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Invisigoth-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
       Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
       Physical Address. . . . . . . . . : 00-1E-64-70-58-32
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
       Physical Address. . . . . . . . . : 00-1F-16-ED-E0-65
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{F6E4DA7E-503F-4D90-9872-9080A2D6DCA9}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.hsd1.ca.comcast.net.:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  UnKnown
    Address:  127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.
    Server:  UnKnown
    Address:  127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.
    Server:  UnKnown
    Address:  127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
    Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 2ms, Maximum = 6ms, Average = 4ms
    ===========================================================================
    Interface List
     13...00 1e 64 70 58 32 ......Intel(R) WiFi Link 1000 BGN
     11...00 1f 16 ed e0 65 ......Realtek PCIe FE Family Controller
      1...........................Software Loopback Interface 1
     23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (02/19/2012 07:45:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (02/19/2012 07:25:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

    Error: (02/19/2012 07:25:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (02/19/2012 07:25:38 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

    Error: (02/19/2012 07:25:38 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (02/19/2012 07:25:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

    Error: (02/19/2012 07:25:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (02/19/2012 07:25:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

    Error: (02/19/2012 07:25:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (02/18/2012 10:19:50 PM) (Source: SescLU) (User: )
    Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.


    System errors:
    =============
    Error: (02/19/2012 09:35:57 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (02/19/2012 09:35:55 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (02/19/2012 07:50:46 PM) (Source: BugCheck) (User: )
    Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002c55703, 0x0000000000000000, 0x000000007ef90000)C:\Windows\MEMORY.DMP021912-80886-01

    Error: (02/19/2012 07:44:21 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068

    Error: (02/19/2012 07:44:20 PM) (Source: DCOM) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (02/19/2012 07:44:19 PM) (Source: DCOM) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (02/19/2012 07:44:09 PM) (Source: DCOM) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


    Microsoft Office Sessions:
    =========================

    ========================= Memory info: ===================================

    Percentage of memory in use: 38%
    Total physical RAM: 3999.19 MB
    Available physical RAM: 2454.61 MB
    Total Pagefile: 7996.53 MB
    Available Pagefile: 6322.68 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3963.37 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:286.03 GB) (Free:132.64 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS
    4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    5 Drive g: (Backup USB) (Removable) (Total:14.92 GB) (Free:6.87 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\INVISIGOTH-PC

    Administrator            Guest                    Invisigoth               


    **** End of log ****
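The proxy line in the log above is the security-relevant detail. "ProxyServer: http=127.0.0.1:56909" means IE (and every other WinINet client on the laptop) was being routed through a listener on the machine itself, which is the pattern Cycbot is known for. When mbam removed the binary the listener went away but the proxy setting stayed, so the link came up and nothing could load; MiniToolBox's "Reset IE Proxy Settings" is what restored access, as the next reply confirms. The "Address: 127.0.0.1" lines from nslookup are weaker evidence: both adapters report Media disconnected in the same log, and Windows nslookup reports loopback when no adapter has a DNS server configured, so that reading should be repeated once the link is up. The script below is an added example, not MiniToolBox code and not part of the original post; it reads a MiniToolBox-style report (the sample is constructed from the lines posted above) and returns those findings, with the ambiguous DNS case handled separately.

```python
"""Triage a MiniToolBox-style network report for what a proxy-hijacking bot
leaves behind once its binary is gone. Added example for this thread; not
MiniToolBox code and not from the original post."""
import re
from ipaddress import ip_address

# Constructed sample: the relevant lines of the MiniToolBox log posted above.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:56909
========================= Hosts content: =================================

========================= IP Configuration: ================================
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Intel(R) WiFi Link 1000 BGN = Wireless Network Connection (Media disconnected)
Server:  UnKnown
Address:  127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?):\s*=+\s*$")          # ===== Name: =====
ADAPTER_RE = re.compile(r"^(.+?) = (.+?) \(([^)]+)\)\s*$")     # NIC = Connection (state)
DNS_SERVER_RE = re.compile(r"^Address:\s+(\S+)$")             # nslookup server line
RESOLVE_FAIL_RE = re.compile(r"could not find host ([\w.-]+?)\.\s")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_proxy_server(value):
    """'http=127.0.0.1:56909;https=10.0.0.5:3128' or '10.0.0.5:3128'
    -> [(scheme, host, port)]; scheme is '*' when the value names none."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        entries.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return entries


def parse_sections(report):
    """Split the report into {section name: [lines]} on its ===== headers."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(report):
    s = parse_sections(report)
    proxy_lines = s.get("IE Proxy Settings", [])
    ipconf = s.get("IP Configuration", [])
    # A stock Windows hosts file carries only comments; any live mapping other
    # than localhost deserves a look after a bot infection.
    hosts = [l.strip() for l in s.get("Hosts content", [])
             if l.strip() and not l.lstrip().startswith("#") and "localhost" not in l.lower()]
    proxy_enabled = any(l.strip().lower() == "proxy is enabled." for l in proxy_lines)
    proxies = []
    for l in proxy_lines:
        if l.strip().lower().startswith("proxyserver:"):
            proxies += parse_proxy_server(l.split(":", 1)[1])
    loopback_proxies = [p for p in proxies if is_loopback(p[1])]
    disconnected, dns_servers = [], []
    for l in ipconf:
        m = ADAPTER_RE.match(l.strip())
        if m and m.group(3).lower() == "media disconnected":
            disconnected.append(m.group(2))
        m = DNS_SERVER_RE.match(l.strip())
        if m:
            dns_servers.append(m.group(1))
    unresolved = RESOLVE_FAIL_RE.findall("\n".join(ipconf))
    loopback_ping_ok = any(l.strip().startswith("Reply from 127.0.0.1") for l in ipconf)

    findings = []
    if proxy_enabled and loopback_proxies:
        host, port = loopback_proxies[0][1], loopback_proxies[0][2]
        findings.append("loopback proxy %s:%s still configured: the listener left with "
                        "the bot, reset ProxyEnable/ProxyServer" % (host, port))
    loopback_dns = [d for d in dns_servers if is_loopback(d)]
    if loopback_dns and disconnected:   # nslookup falls back to 127.0.0.1 with no DNS server
        findings.append("DNS 127.0.0.1 is ambiguous: %s disconnected, re-check when "
                        "connected" % ", ".join(disconnected))
    elif loopback_dns:
        findings.append("DNS server is loopback %s on a connected adapter" % loopback_dns[0])
    if unresolved and loopback_ping_ok:
        findings.append("stack answers on 127.0.0.1 but %s do not resolve" % ", ".join(unresolved))
    if hosts:
        findings.append("hosts file has live entries: %s" % "; ".join(hosts))
    return {"proxy_enabled": proxy_enabled, "proxies": proxies,
            "loopback_proxies": loopback_proxies, "dns_servers": dns_servers,
            "disconnected": disconnected, "unresolved": unresolved,
            "loopback_ping_ok": loopback_ping_ok, "hosts_entries": hosts,
            "findings": findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT)["findings"]:
        print("-", f)
```

The proxy values it parses are the ones IE stores under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable and ProxyServer), which is what MiniToolBox's reset clears; the report it reads is text, so it can be run on the good computer against a log carried over on a CD, as Dave describes above.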

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: cycbot removal = internet loss
    « Reply #4 on: February 20, 2012, 12:36:37 PM »
    That's good news. Here are a couple more scans to run to clean the computer.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    *Copy and Paste the log in your post.
    *****************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    washingmachine

      Topic Starter


      Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: cycbot removal = internet loss
    « Reply #5 on: February 22, 2012, 08:46:53 PM »
    Here is the Mbam and SUPERAntiSpyware info.
    Mbam
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.21.06

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Invisigoth :: INVISIGOTH-PC [administrator]

    Protection: Enabled

    2/21/2012 7:32:23 PM
    mbam-log-2012-02-21 (19-32-23).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 448013
    Time elapsed: 1 hour(s), 26 minute(s), 11 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1884 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Program Files (x86)\LP\065B\8095.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Invisigoth\AppData\Local\Temp\174F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Invisigoth\AppData\Roaming\OUTLOOK.EXE (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Invisigoth\AppData\Roaming\Microsoft\065B\C39C.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    SUPERAntiSpyware

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/21/2012 at 11:45 PM

    Application Version : 5.0.1144

    Core Rules Database Version : 8264
    Trace Rules Database Version: 6076

    Scan type       : Complete Scan
    Total Scan Time : 02:22:27

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned      : 605
    Memory threats detected   : 0
    Registry items scanned    : 66449
    Registry threats detected : 0
    File items scanned        : 191482
    File threats detected     : 42

    Adware.Tracking Cookie
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\23CPO34A.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\YBPNPE75.txt [ Cookie:[email protected]/cgi-bin ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YFLNR9M.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\70W8X1RA.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\EYHAVWOZ.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\0PNTANH1.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\0CB7F81X.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROUB6SK9.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\DCZOGQ53.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\WOZSBET5.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\YUAQ0LVN.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\TT9X1YL2.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\AM5N0HFS.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\RB0HK55W.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\HWFL3LVL.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\RKOYUQOP.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMYDEUXD.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\07GMARWB.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNO0V7O4.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\TY939P65.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\M1553VEG.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\I497IL38.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\EKJXKPJT.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZTPFZZA.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\5U298QE4.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3SQJB7I.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\K320WHUL.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\TABI8JS4.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\4F10RU3A.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\DLAPY534.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\N92HY4OH.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\7WKZ8CLW.txt [ Cookie:[email protected]/dcsk16hof000004bfefbkcw6o_1f9b ]
       bbca.channelfinder.net [ C:\USERS\INVISIGOTH\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\INVISIGOTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N5AGTNBW ]
       media1.break.com [ C:\USERS\INVISIGOTH\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\INVISIGOTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N5AGTNBW ]
       secure-us.imrworldwide.com [ C:\USERS\INVISIGOTH\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\INVISIGOTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N5AGTNBW ]
       secure-us.imrworldwide.com [ C:\USERS\INVISIGOTH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VXGQRBR3 ]
       content.yieldmanager.edgesuite.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UV2QU4Q5 ]
       core.insightexpressai.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UV2QU4Q5 ]
       media.charter.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UV2QU4Q5 ]
       objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UV2QU4Q5 ]
       tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UV2QU4Q5 ]


    A 3rd party is still trying to access laptop after both scans.  Mbam blocks it each time.  Will resetting my modem or router help stop this?
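Two paths in the MBAM log above deserve more than a glance: C:\Windows\svchost.exe and C:\Users\Invisigoth\AppData\Roaming\OUTLOOK.EXE. The genuine svchost.exe lives in C:\Windows\System32 (and SysWOW64), and Outlook ships under Program Files; a well-known name in the wrong directory is a masquerade, not a false positive. "Delete on reboot" also means the file was still running (PID 1884) when MBAM got to it and only scheduled for removal, which is worth re-checking after the restart; the ComboFix log later in this thread deletes c:\windows\svchost.exe again. The script below is an added example, not MBAM's code and not from the original post; it parses MBAM-style detection lines (the sample is constructed from the log above) and applies a per-name allow-list of legitimate directories. The expected-location table and the user-writable prefixes are assumptions made for the example.

```python
"""Flag detections that masquerade as Windows or Office binaries by living in
the wrong directory. Added example for this thread; not MBAM code and not from
the original post."""
import re
from pathlib import PureWindowsPath

# Constructed sample: the detection lines from the MBAM log posted above.
SAMPLE_MBAM = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1884 -> Delete on reboot.
Files Detected: 5
C:\Program Files (x86)\LP\065B\8095.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Local\Temp\174F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Roaming\OUTLOOK.EXE (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Roaming\Microsoft\065B\C39C.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

# path (family) -> [pid ->] action.
DETECTION_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (.+?)\.?$")

# Assumption for the example: where these well-known names legitimately live.
EXPECTED_DIRS = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "outlook.exe": (r"c:\program files\microsoft office",
                    r"c:\program files (x86)\microsoft office"),
}
# Assumption for the example: locations a non-admin user can write to.
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp")
CODE_EXTS = {".exe", ".dll", ".scr", ".com"}


def under(parent, root):
    """True if parent is root or a subdirectory of root (both lower-cased)."""
    root = root.rstrip("\\")
    return parent == root or parent.startswith(root + "\\")


def assess(path, action=""):
    """Return the list of reasons a detected path looks wrong; [] if it looks normal."""
    p = PureWindowsPath(path)
    name, parent, ext = p.name.lower(), str(p.parent).lower(), p.suffix.lower()
    reasons = []
    if name in EXPECTED_DIRS and not any(under(parent, d) for d in EXPECTED_DIRS[name]):
        reasons.append("masquerade: %s outside %s" % (name, " or ".join(EXPECTED_DIRS[name])))
    if ext in CODE_EXTS and any(under(parent, d) for d in USER_WRITABLE):
        reasons.append("code in user-writable location")
    if ext == ".tmp":
        reasons.append("executable content stored as .tmp")
    if "reboot" in action.lower():
        reasons.append("pending: file was locked or running, re-check after reboot")
    return reasons


def parse_mbam_log(text):
    """Yield one dict per 'path (family) -> ... -> action' line."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path, family, rest = m.groups()
        parts = [x.strip() for x in rest.split("->")]
        pid = int(parts[0]) if len(parts) > 1 and parts[0].isdigit() else None
        hits.append({"path": path, "family": family, "pid": pid, "action": parts[-1]})
    return hits


def triage_mbam(text):
    hits = parse_mbam_log(text)
    for h in hits:
        h["reasons"] = assess(h["path"], h["action"])
    return hits


if __name__ == "__main__":
    for h in triage_mbam(SAMPLE_MBAM):
        print(h["path"], "->", "; ".join(h["reasons"]) or "nothing unusual")
```

The same allow-list check applies to a process listing or an autoruns export, not only to a scanner log: any svchost.exe, explorer.exe or lsass.exe whose image path is not under System32 or SysWOW64 is worth treating as hostile until shown otherwise.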

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: cycbot removal = internet loss
    « Reply #6 on: February 23, 2012, 11:02:47 AM »
    Quote
    A 3rd party is still trying to access laptop after both scans.  Mbam blocks it each time.  Will resetting my modem or router help stop this?
    That certainly wouldn't hurt.

    Download Combofix from any of the links below, and save it to your desktop

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

    washingmachine

      Topic Starter


      Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: cycbot removal = internet loss
    « Reply #7 on: February 27, 2012, 03:18:40 PM »
    After running ComboFix the laptop froze and I had to reboot; all the log info was lost. After rebooting and trying to access the internet on the laptop, I am redirected to added success each time. The problem with the virus seems to be getting worse. Any advice would help.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: cycbot removal = internet loss
    « Reply #8 on: February 27, 2012, 06:06:18 PM »
    Quote
    after running combofix the laptop froze and I had to reboot, all the log info was lost.
    You should be able to find it on your C drive in the ComboFix folder. Look for a ComboFix.txt.
    Please update and run SAS and MBAM again and post the logs.

    washingmachine

      Topic Starter


      Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: cycbot removal = internet loss
    « Reply #9 on: February 27, 2012, 07:29:15 PM »
    Thanks for the info SuperDave.  Found log for combofix.
    ComboFix 12-02-25.02 - Invisigoth 02/27/2012  17:03:44.3.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3999.2536 [GMT -8:00]
    Running from: c:\users\Invisigoth\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-01-28 to 2012-02-28  )))))))))))))))))))))))))))))))
    .
    .
    2012-02-28 01:52 . 2012-02-28 01:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-02-22 05:17 . 2012-02-22 05:17   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-22 05:15 . 2012-02-22 05:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-02-22 05:15 . 2012-02-22 05:15   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2012-02-22 03:30 . 2012-02-22 03:30   --------   d-----w-   c:\program files (x86)\Common Files\Java
    2012-02-20 03:26 . 2011-12-16 08:42   634368   ----a-w-   c:\windows\system32\msvcrt.dll
    2012-02-20 03:26 . 2011-12-16 07:59   690688   ----a-w-   c:\windows\SysWow64\msvcrt.dll
    2012-02-19 07:13 . 2011-12-28 03:59   499200   ----a-w-   c:\windows\system32\drivers\afd.sys
    2012-02-19 07:13 . 2012-01-03 06:24   515584   ----a-w-   c:\windows\system32\timedate.cpl
    2012-02-19 07:13 . 2012-01-03 05:44   478208   ----a-w-   c:\windows\SysWow64\timedate.cpl
    2012-02-19 07:13 . 2012-01-04 09:58   509952   ----a-w-   c:\windows\system32\ntshrui.dll
    2012-02-19 07:13 . 2012-01-04 09:03   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
    2012-02-19 07:12 . 2012-01-14 04:02   3143168   ----a-w-   c:\windows\system32\win32k.sys
    2012-02-19 06:52 . 2012-02-20 05:33   --------   d-----w-   C:\Temp
    2012-02-19 04:58 . 2012-02-19 04:58   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\Malwarebytes
    2012-02-19 04:58 . 2012-02-19 04:58   --------   d-----w-   c:\programdata\Malwarebytes
    2012-02-19 04:58 . 2012-02-19 04:58   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-19 04:58 . 2011-12-10 23:24   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-02-19 01:12 . 2012-02-19 01:12   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\27261
    2012-02-19 01:12 . 2012-02-19 01:12   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\B6827
    2012-02-13 05:02 . 2012-02-21 02:01   --------   d-----w-   c:\program files (x86)\27261
    2012-02-11 04:37 . 2012-02-11 04:37   6656   ----a-w-   c:\programdata\Microsoft\Windows\DRM\16C1.tmp
    2012-02-11 04:37 . 2012-02-11 04:37   6656   ----a-w-   c:\programdata\Microsoft\Windows\DRM\16C0.tmp
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-22 03:29 . 2010-04-25 18:56   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2012-02-27_21.16.45   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-17 18:30 . 2012-02-28 01:56   58718              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-02-28 01:56   50582              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-10-21 23:47 . 2012-02-27 20:07   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-21 23:47 . 2012-02-28 00:32   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-21 23:47 . 2012-02-27 20:07   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-21 23:47 . 2012-02-28 00:32   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-02-27 20:07   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-28 00:32   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-24 16:50 . 2012-02-27 21:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-24 16:50 . 2012-02-28 01:54   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-02-27 21:50   80184              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-02-11 04:43 . 2012-02-28 01:54   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-02-11 04:43 . 2012-02-27 21:14   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2012-02-11 04:43 . 2012-02-28 01:54   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-02-11 04:43 . 2012-02-27 21:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-02-11 04:43 . 2012-02-27 21:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2012-02-11 04:43 . 2012-02-28 01:54   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2009-11-24 16:50 . 2012-02-28 01:54   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-24 16:50 . 2012-02-27 21:14   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-24 16:50 . 2012-02-27 21:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-24 16:50 . 2012-02-28 01:54   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-23 17:27 . 2012-02-28 01:56   6200              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3019844222-3475717226-3334360366-1000_UserData.bin
    - 2012-02-27 21:14 . 2012-02-27 21:14   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-28 01:53 . 2012-02-28 01:53   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-28 01:53 . 2012-02-28 01:53   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-02-27 21:14 . 2012-02-27 21:14   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-08-13 00:16 . 2012-02-27 21:15   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-08-13 00:16 . 2012-02-28 01:55   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-02-28 01:55   131072              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-02-27 21:15   131072              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-02-27 21:15   294912              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-28 01:55   294912              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-17 22:02 . 2012-02-28 00:14   318280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-02-27 21:12   314632              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-02-28 01:52   314632              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:54 . 2012-02-27 21:15   1851392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-28 01:55   1851392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-01-30 07:27 . 2012-02-28 00:14   1704772              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3019844222-3475717226-3334360366-1000-8192.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41   120104   ----a-w-   c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Invisigoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\users\Invisigoth\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-6-10 797184]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-12 138360]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 18:38   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:35]
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:35]
    .
    2012-02-24 c:\windows\Tasks\HPCeeScheduleForInvisigoth.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1259208527&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\windows\SysWOW64\schtasks.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-27  18:20:41 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-02-28 02:20
    ComboFix2.txt  2012-02-27 21:46
    .
    Pre-Run: 159,884,926,976 bytes free
    Post-Run: 159,603,167,232 bytes free
    .
    - - End Of File - - 380BAB21DCE36B0E0D74599EC5781EBC

    I will send the other info later; going to reset the router today first.
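Added example (mine, not from the thread and not ComboFix's own code): a small Python triage script for a ComboFix log like the one posted above. It walks the log section by section and flags the indicators that matter in this thread: security products the header reports as disabled; everything listed under "Other Deletions"; a system binary name such as svchost.exe outside System32/SysWOW64; a running process reached through the \\.\globalroot device path (\globalroot\systemroot is %SystemRoot%, so the running c:\\.\globalroot\systemroot\svchost.exe is the same c:\windows\svchost.exe that ComboFix deleted); freshly created folders with random-looking names under AppData\Roaming and Program Files, like 27261 and B6827; and a WinINet ProxyServer pointed at 127.0.0.1, a common reason a cleaned machine reports "connected" but cannot browse once the malware's local proxy is gone. The rule names, the Finding type and the log excerpt are constructed for this example; the excerpt copies lines from the posted log and adds one ProxyServer line that is not in the posted log, purely to exercise that rule.

```python
"""Triage a ComboFix-style log for the indicators discussed in this thread.

Added example, not ComboFix's own code. Rule names, the Finding type and
SAMPLE_LOG are constructed here; SAMPLE_LOG is modelled on the posted log with
one extra ProxyServer line (not in the posted log) to exercise the loopback rule.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List

# Constructed excerpt (see module docstring); ComboFix uses "." as a spacer line.
SAMPLE_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
(((((((((((((((((((((((((   Files Created from 2012-01-28 to 2012-02-28  )))))))))))))))))))))))))))))))
.
2012-02-19 01:12 . 2012-02-19 01:12   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\27261
2012-02-19 01:12 . 2012-02-19 01:12   --------   d-----w-   c:\users\Invisigoth\AppData\Roaming\B6827
2012-02-19 04:58 . 2012-02-19 04:58   --------   d-----w-   c:\programdata\Malwarebytes
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:50370
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\\.\globalroot\systemroot\svchost.exe
.
"""

# Section headers look like "(((((   Other Deletions   )))))" or "------- Supplementary Scan -------".
SECTION_RE = re.compile(r"^(?:\(+\s*(?P<paren>.+?)\s*\)+|-+\s*(?P<dash>.+?)\s*-+)$")
# Binaries that legitimately live only in System32/SysWOW64; a copy elsewhere is masquerading.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
LEGIT_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumes SystemRoot=c:\windows
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{4,8}$", re.I)  # heuristic: short all-hex names like 27261, B6827
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    section: str
    line: str


def normalise_path(path: str) -> str:
    """Lower-case a path and map the NT device spelling \\.\globalroot\systemroot onto c:\windows."""
    p = path.strip().lower()
    for prefix in (r"c:\\.\globalroot\systemroot", r"\\.\globalroot\systemroot"):
        if p.startswith(prefix):
            return r"c:\windows" + p[len(prefix):]
    return p


def _last_path(line: str) -> str:
    """Return the Windows path embedded in a log line (drive letter to end of line),
    minus ComboFix's trailing '[date size]' annotation and any closing quote."""
    m = re.search(r"[a-z]:\\.*", line, re.I)
    if not m:
        return ""
    return re.sub(r'"?\s*\[[^\]]*\]\s*$', "", m.group(0)).rstrip('"')


def _apply_rules(section: str, line: str) -> Iterator[Finding]:
    low = line.lower()
    path = normalise_path(_last_path(line))
    name = path.rsplit("\\", 1)[-1]
    # 1. Security products reported disabled in the log header.
    if section == "header" and low[:3] in ("av:", "fw:", "sp:") and "*disabled" in low:
        yield Finding("security-product-disabled", section, line)
    # 2. Everything ComboFix removed names an on-disk artefact worth recording.
    if section == "Other Deletions":
        yield Finding("deleted-by-combofix", section, line)
    # 3. A system binary name outside System32/SysWOW64 (the globalroot spelling is normalised first).
    if name in SYSTEM_BINARIES and not path.startswith(LEGIT_SYSTEM_DIRS):
        yield Finding("system-binary-outside-system32", section, line)
    # 4. A process reached through an NT device path instead of a drive letter.
    if "\\globalroot\\" in low:
        yield Finding("device-path-process", section, line)
    # 5. Newly created folders with random-looking names under user or program directories.
    if section.startswith("Files Created") and ("\\appdata\\roaming\\" in path or "\\program files" in path):
        if RANDOM_NAME_RE.match(name):
            yield Finding("random-named-folder", section, line)
    # 6. WinINet proxy pointed at the local host: browsing dies when the malware's proxy dies.
    if "proxyserver" in low and LOOPBACK_RE.search(low):
        yield Finding("loopback-proxy", section, line)


def scan(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current section, and collect rule hits."""
    findings: List[Finding] = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("paren") or m.group("dash")
            continue
        findings.extend(_apply_rules(section, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.rule}] ({f.section}) {f.line}")
```

Run it against a real ComboFix.txt by reading the file into scan(); the rules are heuristics, so each hit is a line to look at, not a verdict. Rule 3 and rule 4 both fire on the globalroot line because the path normalises to c:\windows\svchost.exe, which ties the running process to the file ComboFix deleted.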

    SuperDave

    Re: cycbot removal = internet loss
    « Reply #10 on: February 28, 2012, 12:10:30 PM »
    Quote
    will send the other info later, going to reset the router today first.
    Are you still having problems with the internet access? If so, please run this scan.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    washingmachine

    Re: cycbot removal = internet loss
    « Reply #11 on: March 07, 2012, 08:52:48 PM »
    Sorry for the delay in getting back to the forum; work has been busy.
    The internet is working on the laptop, but I have two questions.  Malwarebytes is still stopping something from accessing the CPU, which is great but still makes me nervous when I see it.  Also, Windows did an automatic update to Internet Explorer 9, and when searching the web the laptop sometimes goes to other places than the website clicked on in Google.

    Here are the updated SUPERAntiSpyware and Malwarebytes logs.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/27/2012 at 08:42 PM

    Application Version : 5.0.1144

    Core Rules Database Version : 8264
    Trace Rules Database Version: 6076

    Scan type       : Complete Scan
    Total Scan Time : 02:07:52

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned      : 588
    Memory threats detected   : 0
    Registry items scanned    : 66492
    Registry threats detected : 0
    File items scanned        : 238353
    File threats detected     : 67

    Adware.Tracking Cookie
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@2o7[1].txt [ /2o7 ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ /ad.yieldmanager ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@casalemedia[2].txt [ /casalemedia ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@doubleclick[1].txt [ /doubleclick ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@imrworldwide[2].txt [ /imrworldwide ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@insightexpressai[1].txt [ /insightexpressai ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /paypal.112.2o7 ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@revsci[1].txt [ /revsci ]
       C:\Users\Invisigoth\AppData\Roaming\Microsoft\Windows\Cookies\invisigoth@serving-sys[1].txt [ /serving-sys ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\invisigoth@doubleclick[2].txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\46W89241.txt [ Cookie:[email protected]/cgi-bin ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\MXFON022.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\AX9TNHR0.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\FR6VE4KD.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\RRW89879.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\1Y8U57NI.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\3O06QOBA.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\XRN3DRNK.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\invisigoth@atdmt[1].txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\KL5I62QY.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\EMOUJ7MZ.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\E29Y69JP.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\M6E0NCY0.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZX2BNYMN.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\DAAVPC0B.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\5FVBCS94.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\W4ZCKE52.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYCJF7GB.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\0AO59KMI.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6GQRI5Z.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\TM9IV83Z.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\M68YMNX1.txt [ Cookie:[email protected]/ ]
       C:\USERS\INVISIGOTH\AppData\Roaming\Microsoft\Windows\Cookies\Low\1AXB5D6M.txt [ Cookie:[email protected]/ ]


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.04.01

    Windows 7 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Invisigoth :: INVISIGOTH-PC [administrator]

    Protection: Disabled

    3/6/2012 8:34:05 PM
    mbam-log-2012-03-06 (20-34-05).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 461251
    Time elapsed: 56 minute(s), 23 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1500 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    Thanks again for the help.
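The log above flags a file named svchost.exe sitting directly under C:\Windows, whereas the genuine Windows service host lives in System32 (and SysWOW64 on x64), so the name alone is a masquerade indicator. As an added example that is not part of this thread or of Malwarebytes, here is a small Python parser for detection lines in that MBAM log format which flags well-known system binary names found outside their expected directory; the sample log text is constructed from the lines quoted above and the expected-directory table is an assumption about a default Windows install.

```python
import re

# Constructed sample: the detection lines from the Malwarebytes log quoted
# above (format: "<path> (<threat name>) -> [pid ->] <action>").
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Windows\\svchost.exe (Trojan.Agent) -> 1500 -> Delete on reboot.

Files Detected: 1
C:\\Windows\\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

# Assumed directories where the genuine copies of these Windows binaries
# live on a default install. A same-named file anywhere else is the
# classic masquerading pattern worth a second look during triage.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
}

# One MBAM detection line: drive-letter path, threat name in parentheses,
# an optional PID for memory detections, then the action taken.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^(]+?) \((?P<threat>[^)]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$"
)

def parse_detections(log_text):
    """Return one dict per detection line found in an MBAM log."""
    out = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"]) if d["pid"] else None
            out.append(d)
    return out

def masquerade_findings(detections):
    """Flag detections whose file name is a well-known system binary
    located outside the directory the real one lives in."""
    findings = []
    for d in detections:
        directory, _, name = d["path"].lower().rpartition("\\")
        expected = EXPECTED_DIRS.get(name)
        if expected and directory not in expected:
            findings.append((d["path"], name, d["threat"]))
    return findings

if __name__ == "__main__":
    for finding in masquerade_findings(parse_detections(SAMPLE_LOG)):
        print("masquerading system binary:", finding)
```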

    SuperDave

    Re: cycbot removal = internet loss
    « Reply #12 on: March 08, 2012, 07:19:15 AM »
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ******************************************************
    Please download Rooter and Save it to your desktop.
    • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
    • Click Scan.
    • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

    washingmachine

    Re: cycbot removal = internet loss
    « Reply #13 on: March 08, 2012, 10:16:16 PM »
    Here are the results.

     Results of screen317's Security Check version 0.99.24 
     Windows 7  x64 (UAC is enabled) 
     Internet Explorer 9 
    ``````````````````````````````
    Antivirus/Firewall Check:

     Windows Firewall Enabled! 
     WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

     Java(TM) 6 Update 31 
    ````````````````````````````````
    Process Check: 
    objlist.exe by Laurent

     Norton ccSvcHst.exe
     Malwarebytes' Anti-Malware mbamservice.exe 
     Malwarebytes' Anti-Malware mbamgui.exe 
    ``````````End of Log````````````

    Rooter.exe (v1.0.2) by Eric_71
    .
    The token does not have the SeDebugPrivilege privilege ! (error:1300)
    Can not acquire SeDebugPrivilege !
    Please run the tool as administrator ..

    .
    Windows 7 Home Edition (6.1.7600)
    [32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    .
    Error OpenService (wscsvc) : 6
    Error OpenSCManager : 5
    Error OpenService (MpsSvc) : 6
    Windows Defender -> Disabled !
    User Account Control (UAC) -> Enabled
    .
    Internet Explorer 9.0.8112.16421
    .
    C:\  [Fixed-NTFS] .. ( Total:286 Go - Free:149 Go )
    D:\  [Fixed-NTFS] .. ( Total:11 Go - Free:2 Go )
    E:\  [CD_Rom]
    .
    Scan : 21:13.03
    Path : C:\Users\Invisigoth\Downloads\Rooter (1).exe
    User : Invisigoth ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    Locked System (4)
    Locked smss.exe (280)
    Locked csrss.exe (388)
    Locked csrss.exe (448)
    Locked wininit.exe (456)
    Locked winlogon.exe (504)
    Locked services.exe (552)
    Locked lsass.exe (560)
    Locked lsm.exe (572)
    Locked svchost.exe (664)
    Locked svchost.exe (748)
    Locked svchost.exe (840)
    Locked svchost.exe (872)
    Locked svchost.exe (900)
    Locked svchost.exe (304)
    Locked Smc.exe (540)
    Locked svchost.exe (1040)
    ______ ???ó?????? (1176)
    ______ ???ó?????? (1212)
    Locked ccSvcHst.exe (1256)
    Locked spoolsv.exe (1536)
    Locked svchost.exe (1576)
    ______ ???ó?????? (1616)
    ______ ???ó?????? (1656)
    ______ ???ó?????? (1812)
    Locked SASCore64.exe (1928)
    ______ ???ó?????? (1976)
    Locked AppleMobileDeviceService.exe (2036)
    ______ ???ó?????? (2044)
    ______ ???ó?????? (1316)
    Locked SmcGui.exe (1628)
    ______ ???ó?????? (1752)
    ______ ???ó?????? (1784)
    ______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (2076)
    Locked svchost.exe (2088)
    Locked GoogleToolbarNotifier.exe (2112)
    Locked SeaPort.EXE (2188)
    Locked conhost.exe (2244)
    ______ C:\Program Files (x86)\HP\QuickPlay\QPService.exe (2432)
    Locked mDNSResponder.exe (2484)
    ______ C:\Users\Invisigoth\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe (2512)
    Locked svchost.exe (2584)
    Locked LSSrvc.exe (2644)
    Locked mdm.exe (2772)
    ______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (2908)
    Locked MotoHelperService.exe (2916)
    ______ C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (2956)
    ______ C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (2964)
    Locked MotoHelper.exe (3016)
    ______ ???ó?????? (3032)
    Locked RichVideo.exe (368)
    ______ C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe (2144)
    ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2580)
    Locked svchost.exe (1748)
    Locked Rtvscan.exe (1920)
    ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (2200)
    ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2612)
    Locked schtasks.exe (2932)
    Locked conhost.exe (980)
    ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2028)
    Locked ADVWindowsClientService.exe (2124)
    Locked ProtectionUtilSurrogate.exe (3360)
    Locked iPodService.exe (3824)
    Locked SearchIndexer.exe (3876)
    Locked hpqWmiEx.exe (2560)
    Locked svchost.exe (3512)
    Locked svchost.exe (1312)
    Locked WmiPrvSE.exe (3672)
    Locked svchost.exe (4212)
    Locked SynTPHelper.exe (4272)
    Locked Com4QLBEx.exe (4516)
    Locked wmpnetwk.exe (4740)
    ______ C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (4468)
    ______ ???ó?????? (5004)
    Locked svchost.exe (1984)
    ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5596)
    ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5644)
    ______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (5892)
    ______ C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (5980)
    Locked mbamservice.exe (5252)
    Locked SearchProtocolHost.exe (5496)
    Locked SearchFilterHost.exe (4044)
    ______ C:\Users\Invisigoth\Downloads\Rooter (1).exe (5760)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
    \Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:307117424640)
    \Device\Harddisk0\Partition3 (Start_Offset:307327139840 | Length:12744392704)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\Tasks\HPCeeScheduleForInvisigoth.job
    C:\Windows\Tasks\SA.DAT
    C:\Windows\Tasks\SCHEDLGU.TXT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 21:13.20
    .
    C:\Rooter$\Rooter_1.txt - (08/03/2012 | 21:13.20)

    SuperDave

    Re: cycbot removal = internet loss
    « Reply #14 on: March 09, 2012, 11:42:43 AM »
    Please update me on how your computer is working now.

    I'd like to scan your machine with ESET OnlineScan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt