Thanks for your help so far - I definitely appreciate it!
I look forward to next steps.
I had to deviate on the Adobe Reader step. I will explain below:
*****
Java upgraded from 1.6.0.23 to version 1.6.0.33.
*****
Adobe Reader 10.0 removed - I do not have Internet where I currently am, so I will add Adobe Reader 10.1.3 tonight when I get home and can open an Internet connection.
*****
ASWMBR.exe ran - Log below:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-26 12:36:49
-----------------------------
12:36:49.152 OS Version: Windows 6.1.7601 Service Pack 1
12:36:49.152 Number of processors: 4 586 0x2505
12:36:49.168 ComputerName: PASTOR UserName:
12:36:50.306 Initialize success
12:37:28.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:37:28.409 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
12:37:28.424 Disk 0 MBR read successfully
12:37:28.424 Disk 0 MBR scan
12:37:28.440 Disk 0 Windows VISTA default MBR code
12:37:28.440 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:37:28.471 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11420 MB offset 81920
12:37:28.487 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293784 MB offset 23470080
12:37:28.487 Disk 0 scanning sectors +625139712
12:37:28.565 Disk 0 scanning C:\Windows\system32\drivers
12:37:34.664 Service scanning
12:37:47.207 Modules scanning
12:37:54.726 Disk 0 trace - called modules:
12:37:54.742 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys
12:37:55.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e09030]
12:37:55.272 3 CLASSPNP.SYS[8b5b959e] -> nt!IofCallDriver -> [0x87e085a0]
12:37:55.272 5 stdcfltn.sys[8b7f1896] -> nt!IofCallDriver -> [0x86243878]
12:37:55.288 7 ACPI.sys[8aec03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86248028]
12:37:55.288 Scan finished successfully
12:38:21.152 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
12:38:21.184 The log file has been saved successfully to "E:\aswMBR_log.txt"
*****
SYSPROT RootKit ran successfully - log below:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 9022D000
Module End: 903E2000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 97D18000
Module End: 97D29000
Hidden: Yes
Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: ACBB3000
Module End: ACBD4000
Hidden: Yes
Module Name: \??\C:\Users\DSCHOE~1.ADV\AppData\Local\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: ACBD4000
Module End: ACBE0000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Users\mrigg.ADVENT\AppData\Roaming\Microsoft\Office\Recent\
???S ?O?
?.LNK
Status: Hidden
Object: C:\Users\mrigg.ADVENT\Documents\
???S ?O?
?.docx
Status: Hidden
Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied