Thank-you for any help with this. I have run spybot & malwarebytes, but to no avail.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by SAS2 at 11:20:41 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4063.3277 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.snaacnow.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\SAS2\AppData\Local\Akamai\netsession_win.exe"
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\SAS2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} - hxxp://50.76.146.51/WebCamX.cab
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://www.snaacnow.com/web/ui/webforms/DynamicWebTWAIN.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4B67613C-56D4-41C8-BAAE-6B576B71AD72} : DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SAS2\AppData\Roaming\Mozilla\Firefox\Profiles\ag96lcr2.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
S2 Agent;Agent;C:\Windows\agent_x64.exe [2012-1-12 102912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-23 654408]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-24 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-13 1038088]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-5-11 362296]
.
=============== Created Last 30 ================
.
2012-04-24 14:49:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-24 14:49:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-23 22:28:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-23 22:28:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-23 21:11:33 -------- d-----w- C:\Users\SAS2\AppData\Roaming\Media Finder
2012-04-23 21:08:40 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-23 21:07:33 -------- d-----we C:\Windows\system64
2012-04-23 19:55:37 487666616 ----a-w- C:\AcrobatPro_10_Web_WWEFD.exe
2012-04-23 19:52:47 -------- d-----w- C:\Users\SAS2\AppData\Local\Akamai
2012-04-23 19:35:17 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-23 16:43:58 -------- d-----w- C:\Users\SAS2\AppData\Roaming\Malwarebytes
2012-04-23 16:43:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-23 16:10:15 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 07:57:58 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88513569-7FD8-405C-85B1-26EE8D679C7A}\mpengine.dll
2012-04-11 07:04:58 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-11 07:04:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-11 07:04:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 07:04:57 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 07:03:46 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 07:03:46 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 07:03:46 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 07:01:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 07:00:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 07:00:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 07:00:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 07:00:48 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 07:00:48 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 07:00:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-03 18:36:45 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-04-23 16:10:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:21:16.52 ===============

Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-24 13:08:14
-----------------------------
13:08:14.086 OS Version: Windows x64 6.1.7601 Service Pack 1
13:08:14.086 Number of processors: 4 586 0x403
13:08:14.087 ComputerName: SAS2-PC UserName: SAS2
13:08:32.413 Initialize success
13:08:44.367 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000057
13:08:44.368 Disk 0 Vendor: WDC_WD16 10.0 Size: 152627MB BusType: 3
13:08:44.369 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000058
13:08:44.370 Disk 1 Vendor: CSSD-V60 1.1_ Size: 57241MB BusType: 3
13:08:44.373 Disk 1 MBR read successfully
13:08:44.374 Disk 1 MBR scan
13:08:44.375 Disk 1 Windows 7 default MBR code
13:08:44.377 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:08:44.379 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
13:08:44.381 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
13:08:44.383 Disk 1 scanning C:\Windows\system32\drivers
13:08:47.280 Service scanning
13:10:54.310 Disk 1 MBR has been saved successfully to "C:\Users\SAS2\Desktop\MBR.dat"
13:10:54.310 The log file has been saved successfully to "C:\Users\SAS2\Desktop\aswMBR.txt"

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

I ran the last step following all directions. The computer completely froze before I could get the log text. Now it wont reboot.

In the process of trying to recover whatever driver has gotten deleted I have managed to get to a point where I can look through all the files. Keep in mind Windows hasn't started.
Ive put my Windows disk in to try to load basic drivers, but that doesn't help. If there is anything I need to look for I will. I can't edit files, but I can possibly replace then from a thumb drive, as I am copying some files to a thumbdrive in case of total reformat. I did find the report from the last step you had me do. I will post it shortly. Thanks again for your help.

ComboFix 12-04-24.02 - SAS2 04/24/2012 14:48:51.1.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4063.3098 [GMT -4:00]
Running from: C:\Users\SAS2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\SAS2\AppData\Roaming\Mozilla\Firefox\Profiles\ag96lcr2.default\weave\toFetch
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\system32\consrv.dll
C:\Windows\system32\dds_trash_log.cmd
C:\Windows\System64
C:\Windows\SysWow64\regobj.dll


((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))


2012-04-24 18:56:48 . 2012-04-24 18:56:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-24 15:19:17 . 2012-04-24 15:19:30 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-04-24 14:49:18 . 2012-04-24 14:54:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-24 14:49:17 . 2012-04-24 14:54:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-23 22:28:18 . 2012-04-23 22:28:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-23 22:28:18 . 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-23 21:11:33 . 2012-04-23 21:13:47 -------- d-----w- C:\Users\SAS2\AppData\Roaming\Media Finder
2012-04-23 19:55:37 . 2012-04-23 20:10:31 487666616 ----a-w- C:\AcrobatPro_10_Web_WWEFD.exe
2012-04-23 19:52:47 . 2012-04-23 19:54:01 -------- d-----w- C:\Users\SAS2\AppData\Local\Akamai
2012-04-23 19:35:17 . 2012-04-23 19:35:18 -------- d-----w- C:\Windows\system32\appmgmt
2012-04-23 16:43:58 . 2012-04-23 16:43:58 -------- d-----w- C:\Users\SAS2\AppData\Roaming\Malwarebytes
2012-04-23 16:43:11 . 2012-04-23 16:43:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-23 16:10:15 . 2012-04-23 16:10:15 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 07:57:58 . 2012-04-13 08:46:11 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88513569-7FD8-405C-85B1-26EE8D679C7A}\mpengine.dll
2012-04-11 07:04:58 . 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-11 07:04:57 . 2012-02-28 06:51:51 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-11 07:04:57 . 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\system32\wininet.dll
2012-04-11 07:04:57 . 2012-02-28 01:13:13 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 07:03:46 . 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-11 07:03:46 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 07:03:46 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 07:01:00 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 07:00:55 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-11 07:00:54 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 07:00:48 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-11 07:00:48 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-11 07:00:48 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 07:00:48 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-23 16:10:15 . 2012-01-13 15:47:00 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:27 . 2012-03-13 18:21:35 1112064 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-02-17 06:38:26 . 2012-03-13 18:21:35 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 05:34:22 . 2012-03-13 18:21:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 . 2012-03-13 18:21:35 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 18:21:35 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-10 06:36:07 . 2012-03-13 19:33:48 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-13 19:33:47 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 . 2012-03-13 19:33:56 3145728 ----a-w- C:\Windows\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
"Akamai NetSession Interface"="C:\Users\SAS2\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 09:37:52 3331872]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 19:13:40 36760]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 19:13:42 821144]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 19:56:38 462408]

C:\Users\SAS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 16:10:15 253088]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-13 17:13:12 1038088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 21:05:40 362296]
S2 Agent;Agent;C:\Windows\agent_x64.exe [2011-08-24 17:59:58 102912]
S2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 19:56:40 654408]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 19:31:10 1153368]
S3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-04-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 16:10:15 . 2012-04-23 16:10:15]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 21:40:58 1873256]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 20:59:06 2417032]
"combofix"="C:\ComboFix\CF1445.3XE" [2010-11-21 03:23:55 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wintab32
USB11LDR

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.snaacnow.com/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} - hxxp://50.76.146.51/WebCamX.cab
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://www.snaacnow.com/web/ui/webforms/DynamicWebTWAIN.cab
FF - ProfilePath - C:\Users\SAS2\AppData\Roaming\Mozilla\Firefox\Profiles\ag96lcr2.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 4

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Media Finder - C:\Program Files (x86)\Media Finder\MF.exe
HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008

Hi,

Have you tried startup repair option?

If not, then boot to the System Recovery Options (http://www.sevenforums.com/tutorials/668-system-recovery-options.html) screen and select startup repair there.

I've tried all the startup repair options I could find.

Startup repair: problem signature 07: CorruptAcl

Info: I have another hard drive in this computer that jas successfuly let me boot onto it (vista). I can access the hd to make changes if need be. Please inform. Thanks

Hi,

Sorry for a delayed reply. Let's see if we can restore ERUNT backup.

To access the Advanced Boot Options Menu, restart the machine and tap the F8 key. From the Advanced Boot Options menu, select Repair Your Computer
You should now see the Recovery Environment Menu. From that menu, select Command Prompt

The Recovery Environment is in the X:\ drive .

At the X:\> prompt, type in following:

cd /d c:\windows\erdnt\hiv-backup\erdnt.exe

(note – there is a space before, and after, /d)

Press Enter.

A prompt will appear that this program will restore a registry backup. Once you click OK, the ERUNT backups will begin copying. When they have finished, you will see another dialog box advising you the restoration is complete.

Click OK, then type in Exit and press Enter.

See if Windows loads now.

After typing that at the command prompt ( x:\Sources> ) it states "The system cannot find the path specified."

Hi,

Try this command:
bcdedit | find “osdevice”

Note down the "osdevice" partition and then use it in the following command (in this example I assume the partition would be d: ):
cd /d d:\windows\erdnt\hiv-backup\erdnt.exe

The partition is "F". I tried multiple variances of the command line, but all came back with "The system cannot find the path specified".

F:\>cd /d d:\windows\erdnt\hiv-backup\erdnt.exe

X:\Windows\System32>cd /d f:\windows\erdnt\hiv-backup\erdnt.exe

X:\Windows\System32>cd /f f:\windows\erdnt\hiv-backup\erdnt.exe

F:\>cd /d F:\windows\erdnt\hiv-backup\erdnt.exe

None of these variances worked.

I can access all the files and data of this HD from another HD on this computer. Is there anyway to repair the registry that way if this doesn't work? Thanks again.

using the DIR command i've got a list of files inside the hiv-backup fodler:
bcd
default
ERDNT.CON
ERDNT.EXE
ERDNT.INF
ERDNTDOS.LOC
ERDNTWIN.LOC
SAM
SECURITY
SOFTWARE
SYSTEM

I hope i didn't get the cart ahead of the horse here, but I booted up through Vista; found the file you were referring too ERDNT.EXE; ran it, but it kept giving me errors. I changed the dir to the correct drive (inside the erdnt.inf file). Which for some reason had changed from when I ran the program before we started all this. Anyway. I did all of this but the comp still wont reboot. Nothing seems to have changed.

Hi,

Please boot back into recovery environment and in command prompt navigate to that hiv-backup folder. Run ERDNT.EXE there.

If that goes ok a prompt will appear that this program will restore a registry backup. Once you click OK, the ERUNT backups will begin copying. When they have finished, you will see another dialog box advising you the restoration is complete.

Click OK, then type in Exit and press Enter.

It still gives me the same error (the subsystem needed to support the image type is not present).

I really appreciate all your help. Unfortunetly this is a work computer and I've run out of time. I've managed to salvage all my files onto an external HD. I'm just going to do a reformat/reinstall windows. I'm sorry if I've wasted your time, but I really do appreciate you trying to help me.

Unlike a thief who steals from you where you can put up cameras and catch them, it's much harder (if not impossible) to lay hands on the person that created the virus that started all this. If I could I would make sure he/she could never type on a keyboard again.

Thanks again for everything friend.

Ok, thanks for letting me know. It may well be that what you did was what we might had ended up to anyway. Good thing you were able to backup necessary files :)