
Author Topic: Conficker virus deleted wuaueng.dll and screwed up admin controls


redneondot

    Windows Update doesn't work (error message: "Windows Update cannot currently check for updates because the service is not running"). None of the tools normally used to fix this problem worked, including the removal/reinstall tools.
     
    Through many processes, I found out I had obtained a Conficker virus (none of the anti-virus programs detect it), which apparently deleted Automatic Windows Update in the services.msc console and also affected syshost32, which now states "<Failed to read description. Error code: 5>" and "A required entry in the registry is missing or an attempt to write to the registry failed".
     
    I was told to reinstall wuaueng.dll; however, when I try, it states "The module "wuaueng.dll" was loaded but the call to DllRegisterServer failed with error code 0x80070005". That error code (0x80070005) points to permission issues; however, I'm using the admin account and running cmd as administrator.
     
    I downloaded a program called Process Explorer (Process Monitor wouldn't work) as instructed and found that under syshost a Temp file appears for a split second (6f9ffa35191f0666) with the description "Ms Scan Disc Application", and within that two files appear, both being winlogon.exe. When I try to terminate this process I'm told "Access is Denied".
     
    So I downloaded Security Task Manager and found syshost listed under {B06C668B-58C3-BE66-7ED1-74E15E7E28A3}. When I try to run it as administrator it states "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
     
    Any help greatly appreciated. I'm running Windows Vista Home Basic.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/21/2012 2:19:12 PM
    System Uptime: 4/10/2012 9:38:23 PM (4 hours ago)
    .
    Motherboard: Dell Inc. |  | 0RY007
    Processor: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz | Socket 775 | 1998/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 834 GiB total, 679.744 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0002
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #3
    PNP Device ID: ROOT\*6TO4MP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0003
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #4
    PNP Device ID: ROOT\*6TO4MP\0003
    Service: tunnel
    .
    Class GUID:
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
    Service:
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP121: 3/19/2012 3:58:27 PM - Scheduled Checkpoint
    RP122: 3/21/2012 1:56:51 PM - Scheduled Checkpoint
    RP123: 3/22/2012 1:58:53 PM - Scheduled Checkpoint
    RP125: 3/22/2012 3:50:24 PM - Installed GMATPrep(TM)
    RP126: 3/23/2012 8:10:17 AM - Scheduled Checkpoint
    RP127: 3/24/2012 4:04:40 PM - Scheduled Checkpoint
    RP128: 3/25/2012 2:59:28 PM - Scheduled Checkpoint
    RP129: 3/26/2012 2:02:14 PM - Scheduled Checkpoint
    RP130: 3/26/2012 8:05:53 PM - Removed Ask Toolbar.
    RP131: 3/26/2012 8:08:55 PM - Removed Ask Toolbar.
    RP132: 3/26/2012 8:10:07 PM - Removed Ask Toolbar.
    RP133: 3/26/2012 8:12:41 PM - Removed Ask Toolbar.
    RP134: 3/27/2012 12:10:35 PM - Scheduled Checkpoint
    RP136: 3/27/2012 3:21:50 PM - AOL-Computer Checkup
    RP137: 3/28/2012 9:19:58 AM - Scheduled Checkpoint
    RP138: 3/29/2012 11:04:35 AM - Scheduled Checkpoint
    RP139: 3/29/2012 8:38:05 PM - Installed WeatherBug
    RP140: 3/30/2012 12:25:46 AM - Removed CWA Reminder by We-Care.com v4.0.16.3
    RP141: 3/30/2012 12:29:00 AM - Removed WeatherBug
    RP142: 3/30/2012 11:31:15 PM - Scheduled Checkpoint
    RP143: 3/31/2012 2:00:25 PM - Scheduled Checkpoint
    RP144: 3/31/2012 9:51:27 PM - Removed CWA Reminder by We-Care.com v4.0.16.3
    RP145: 3/31/2012 9:51:52 PM - Removed CWA Reminder by We-Care.com v4.0.16.3
    RP146: 3/31/2012 9:52:15 PM - Removed CWA Reminder by We-Care.com v4.0.16.3
    RP147: 4/1/2012 3:55:27 PM - Scheduled Checkpoint
    RP148: 4/2/2012 1:33:18 PM - Scheduled Checkpoint
    RP149: 4/3/2012 5:41:45 PM - Scheduled Checkpoint
    RP150: 4/4/2012 7:47:52 AM - Scheduled Checkpoint
    RP150: 4/5/2012 4:55:35 PM - Scheduled Checkpoint
    RP152: 4/5/2012 6:21:39 PM - Installed DirectX
    RP154: 4/5/2012 6:22:53 PM - Installed DirectX
    RP156: 4/5/2012 7:51:26 PM - Installed DirectX
    RP158: 4/5/2012 8:54:32 PM - Installed DirectX
    RP160: 4/5/2012 11:01:29 PM - Installed DirectX
    RP162: 4/6/2012 8:03:18 AM - Installed DirectX
    RP164: 4/6/2012 12:08:09 PM - Installed DirectX
    RP165: 4/7/2012 9:54:05 AM - Scheduled Checkpoint
    RP166: 4/8/2012 7:44:55 AM - Scheduled Checkpoint
    RP167: 4/8/2012 9:12:44 AM - Removed Microsoft Games for Windows Marketplace
    RP168: 4/8/2012 9:16:43 AM - Removed Ask Toolbar.
    RP169: 4/8/2012 9:31:02 AM - Removed Ask Toolbar.
    RP170: 4/8/2012 9:32:56 AM - Removed CWA Reminder by We-Care.com v4.0.16.3
    RP171: 4/8/2012 9:33:26 AM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP172: 4/10/2012 9:14:41 AM - Scheduled Checkpoint
    RP174: 4/10/2012 7:47:12 PM - Windows Update
    RP176: 4/10/2012 9:07:02 PM - Spyware Terminator 2012 (4/10/2012 9:07:01 PM)
    RP177: 4/10/2012 10:12:56 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
    RP178: 4/10/2012 10:21:37 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
    RP180: 4/11/2012 12:04:25 AM - Move file to quarantine: {02478D38-C3F9-4efb-9B51-7695ECA05670}
    RP182: 4/11/2012 12:05:08 AM - Move file to quarantine: {99079a25-328f-4bd4-be04-00955acaa0a7}
    RP184: 4/11/2012 12:06:04 AM - Move file to quarantine: {D1ECD019-8423-43de-98D1-7892AF2DA309}
    RP186: 4/11/2012 12:06:32 AM - Move file to quarantine: Ms Scan Disk Application
    RP188: 4/11/2012 1:04:03 AM - Move file to quarantine: Ms Scan Disk Application
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    AOL Computer Checkup
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    Coupon Printer for Windows
    GMATPrep(TM)
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Itibiti RTC
    Java Auto Updater
    Java(TM) 6 Update 25
    Lexmark 2600 Series
    Linksys BEFCMU10 ver. 4 Cable Modem
    Little Shop - Memories
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Fix it Center
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QuickTime
    REGSERVO
    Security Task Manager 1.8d
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Serif DrawPlus Starter Edition
    Spyware Terminator 2012
    Star Trek Online
    Steam
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Windows Resource Kit Tools - SubInAcl.exe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2012 5:11:01 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user BijeauxFamil-PC\Bijeaux Family SID (S-1-5-21-509231412-1556908907-1324064908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/8/2012 9:16:21 AM, Error: Service Control Manager [7000]  - The X6XSEx service failed to start due to the following error:  A device attached to the system is not functioning.
    4/7/2012 3:59:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 174.64.181.126 for the Network Card with network address A47AA4B692B5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/6/2012 9:12:16 AM, Error: EventLog [6008]  - The previous system shutdown at 9:02:17 AM on 4/6/2012 was unexpected.
    4/6/2012 7:49:20 PM, Error: EventLog [6008]  - The previous system shutdown at 7:46:48 PM on 4/6/2012 was unexpected.
    4/5/2012 5:38:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    4/5/2012 5:38:41 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    4/5/2012 5:37:15 PM, Error: EventLog [6008]  - The previous system shutdown at 5:35:42 PM on 4/5/2012 was unexpected.
    4/11/2012 12:10:32 AM, Error: Service Control Manager [7000]  - The MBAMSwissArmy service failed to start due to the following error:  A device attached to the system is not functioning.
    4/10/2012 9:41:28 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the path specified.
    4/10/2012 9:40:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eeCtrl sp_rsdrv2
    4/10/2012 9:40:23 PM, Error: Service Control Manager [7000]  - The Spyware Terminator 2012 Realtime Shield Driver service failed to start due to the following error:  A device attached to the system is not functioning.
    4/10/2012 9:39:18 PM, Error: Microsoft-Windows-TaskScheduler [412]  - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
    4/10/2012 7:40:20 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eeCtrl
    4/10/2012 4:54:10 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 ccSet_NIS eeCtrl IDSVix86 SRTSP SRTSPX SymDS SymEFA SymIRON SYMTDIv
    4/10/2012 11:05:04 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Bijeaux Family at 1:32:50 on 2012-04-11
    Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3069.1196 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AOL Computer Checkup\SDCService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\locator.exe
    C:\Program Files\Spyware Terminator\st_rsser.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AOL Computer Checkup\sdccont.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
    TB: {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {D1C40BDF-7D78-4F25-8751-E772413A6CF0} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
    TB: {CD3FEA81-A221-4E47-983E-F7DA6E62B59D} - No File
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [Comp_isv] rundll32 "c:\programdata\comprver.dll",CreateProcessNotify
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MakiwaraNotify] "c:\program files\aol computer checkup\sdccont.exe" /dummy /cfg "c:\program files\aol computer checkup\uiframework\common\PCPowerCare.xml" /notifacationtoaster /mutexname notificationtoaster /hideWindow
    mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
    mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Lookup on Merriam Webster
    IE: Lookup on Wikipedia
    IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.9.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{BD9C6D65-8FC9-41EB-83D3-26B89FA74AFF} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{C4205A74-D5AC-405B-A275-2C2199241B7D} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
    R2 AOL Computer Checkup;AOL Computer Checkup;c:\program files\aol computer checkup\sdcService.exe [2012-1-20 484248]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-1-24 21504]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-4-10 482992]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    RUnknown syshost32;syshost32;

    S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-4-10 32768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
    S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2012-1-21 14336]
    S3 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-21 20464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-21 652360]
    .
    =============== Created Last 30 ================
    .
    2012-04-11 05:27:01   --------   d-----w-   c:\programdata\RegSERVO
    2012-04-11 05:26:55   --------   d-----w-   c:\program files\REGSERVO
    2012-04-11 04:59:18   --------   d-----w-   c:\programdata\SecTaskMan
    2012-04-11 04:59:14   --------   d-----w-   c:\program files\Security Task Manager
    2012-04-11 03:26:38   1081112   ----a-w-   c:\windows\system32\wuaueng (1).dll
    2012-04-11 03:21:50   --------   d-----w-   c:\program files\Windows Resource Kits
    2012-04-11 03:14:05   0   ----a-w-   c:\windows\system32\reset.cmd
    2012-04-11 02:03:49   32768   ----a-w-   c:\windows\system32\drivers\sp_rsdrv2.sys
    2012-04-11 02:03:49   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\Spyware Terminator
    2012-04-11 02:03:49   --------   d-----w-   c:\programdata\Spyware Terminator
    2012-04-11 02:02:00   --------   d-----w-   c:\program files\Spyware Terminator
    2012-04-11 00:47:01   --------   d-----w-   C:\6222442e9022c34053a88e
    2012-04-11 00:37:31   --------   d-----w-   c:\users\bijeaux family\appdata\local\FixItCenter
    2012-04-11 00:33:40   --------   d-----w-   c:\windows\MATS
    2012-04-11 00:33:40   --------   d-----w-   c:\program files\Microsoft Fix it Center
    2012-04-10 21:28:54   92160   ----a-w-   c:\programdata\comprver.dll
    2012-04-09 22:10:56   --------   d-----w-   c:\program files\Coupons
    2012-04-07 13:56:57   117248   ----a-w-   c:\programdata\microsoft\windows\drm\66CE.tmp
    2012-04-05 23:22:08   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
    2012-04-05 23:22:08   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
    2012-04-05 22:30:53   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-04-03 18:01:55   1838   ----a-w-   c:\windows\system32\regHiveData.bin
    2012-04-03 01:09:08   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\Maximize Games
    2012-04-03 01:09:08   --------   d-----w-   c:\programdata\Maximize Games
    2012-04-01 23:59:54   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\casualArts
    2012-04-01 23:59:54   --------   d-----w-   c:\programdata\casualArts
    2012-03-31 23:22:31   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\JoyBits
    2012-03-31 18:05:27   --------   d-----w-   c:\program files\common files\Symantec Shared
    2012-03-30 01:38:52   18944   ----a-r-   c:\users\bijeaux family\appdata\roaming\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A16301.exe
    2012-03-30 01:38:01   --------   d-----w-   c:\users\bijeaux family\appdata\local\I Want This
    2012-03-27 20:22:50   --------   d-----w-   C:\temp
    2012-03-27 20:22:43   --------   d-----w-   c:\windows\SystemRepair
    2012-03-27 20:22:36   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\AOL
    2012-03-27 20:21:10   --------   d-----w-   c:\program files\AOL Computer Checkup
    2012-03-27 00:00:36   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\Floodlight Games
    2012-03-27 00:00:36   --------   d-----w-   c:\programdata\Floodlight Games
    2012-03-22 20:50:41   --------   d-----w-   c:\program files\GMATPrep
    2012-03-21 22:24:37   --------   d-----w-   c:\programdata\GameTap Web Player
    2012-03-21 02:03:39   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\FamilyVacationCalifornia
    2012-03-19 04:52:04   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\PeerNetworking
    2012-03-18 20:00:54   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\Virtual Prophecy
    2012-03-14 23:13:14   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\HitPoint Studios
    2012-03-14 23:13:14   --------   d-----w-   c:\programdata\HitPoint Studios
    2012-03-14 22:55:24   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\Freshy
    2012-03-12 16:25:02   --------   d-----w-   c:\users\bijeaux family\appdata\roaming\EntwinedSoD
    .
    ==================== Find3M  ====================
    .
    2012-04-05 22:30:53   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-19 19:08:09   300187612   ----a-w-   c:\program files\reg.reg
    2012-02-19 18:54:53   1329   ----a-w-   c:\program files\reset.cmd
    2012-02-19 18:54:33   379392   ----a-w-   c:\program files\subinacl.msi
    2012-02-19 16:06:26   512992   ----a-w-   c:\program files\sdsetup_revwire207.exe
    2012-02-14 04:29:37   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2012-02-01 02:26:32   131194   ----a-w-   C:\steambackup.exe
    2012-01-28 15:05:59   98816   ----a-w-   c:\windows\system32\mfps.dll
    2012-01-27 06:21:24   237072   ------w-   c:\windows\system32\MpSigStub.exe
    2012-01-24 14:28:47   101888   ----a-w-   c:\windows\system32\ifxcardm.dll
    2012-01-24 14:28:46   82432   ----a-w-   c:\windows\system32\axaltocm.dll
    2012-01-23 14:58:53   411648   ----a-w-   c:\windows\system32\drivers\http.sys
    2012-01-23 14:58:53   36864   ----a-w-   c:\windows\system32\drivers\en-us\http.sys.mui
    2012-01-23 14:58:53   30720   ----a-w-   c:\windows\system32\httpapi.dll
    2012-01-23 14:58:53   24064   ----a-w-   c:\windows\system32\nshhttp.dll
    2012-01-22 18:12:44   23552   ----a-w-   c:\windows\system32\lpk.dll
    2012-01-22 18:12:44   10240   ----a-w-   c:\windows\system32\dciman32.dll
    2012-01-22 18:09:15   61440   ----a-w-   c:\windows\system32\winipsec.dll
    2012-01-22 18:09:14   272896   ----a-w-   c:\windows\system32\polstore.dll
    2012-01-22 18:03:43   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
    2012-01-22 18:03:43   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
    2012-01-22 18:03:43   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
    2012-01-22 18:03:43   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
    2012-01-22 18:03:43   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
    2012-01-22 18:03:43   105984   ----a-w-   c:\windows\system32\netiohlp.dll
    2012-01-22 18:03:43   10240   ----a-w-   c:\windows\system32\finger.exe
    2012-01-22 18:03:42   19968   ----a-w-   c:\windows\system32\ARP.EXE
    2012-01-22 18:00:09   127488   ----a-w-   c:\windows\system32\L2SecHC.dll
    2012-01-22 18:00:08   68096   ----a-w-   c:\windows\system32\wlanhlp.dll
    2012-01-22 18:00:08   65024   ----a-w-   c:\windows\system32\wlanapi.dll
    2012-01-22 18:00:08   513536   ----a-w-   c:\windows\system32\wlansvc.dll
    2012-01-22 18:00:08   302592   ----a-w-   c:\windows\system32\wlansec.dll
    2012-01-22 18:00:08   293376   ----a-w-   c:\windows\system32\wlanmsm.dll
    2012-01-22 18:00:06   15181   ----a-w-   c:\windows\system32\gatherWirelessInfo.vbs
    2012-01-22 17:59:02   2048   ----a-w-   c:\windows\system32\msxml3r.dll
    2012-01-22 17:59:02   1401856   ----a-w-   c:\windows\system32\msxml6.dll
    2012-01-22 17:59:01   2048   ----a-w-   c:\windows\system32\msxml6r.dll
    2012-01-22 17:57:51   218624   ----a-w-   c:\windows\system32\msv1_0.dll
    2012-01-22 17:54:51   53248   ----a-w-   c:\windows\system32\rrinstaller.exe
    .
    ============= FINISH:  1:33:30.64 ===============
    « Last Edit: April 11, 2012, 12:37:23 AM by redneondot »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
    « Reply #1 on: April 11, 2012, 12:56:33 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
    REGSERVO
    There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

    For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

    Further reading: XP Fixes Myth #1: Registry Cleaners
    **************************************************
    Looking over your log it seems you don't have any antivirus software.

    Before we continue download and install a free antivirus.

    Remember to only install one antivirus!
     
    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition
    7) ThreatFire

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
    ************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    redneondot

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
      « Reply #2 on: April 11, 2012, 05:53:00 PM »
      Thanks for any help you can offer, SuperDave!

      Results of screen317's Security Check version 0.99.24 
       Windows Vista Service Pack 2 x86 (UAC is enabled) 
       Internet Explorer 9 
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Disabled! 
       avast! Free Antivirus   
       Bitdefender Internet Security 2012   
       WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Java(TM) 6 Update 25 
       Out of date Java installed!
       Adobe Reader X (10.1.2)
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

       Windows Defender MSASCui.exe
       Windows Defender MSASCui.exe   
       Bitdefender Bitdefender 2012 updatesrv.exe 
       Bitdefender Bitdefender 2012 bdagent.exe 
       Bitdefender Bitdefender 2012 vsserv.exe 
       Bitdefender Bitdefender 2012 seccenter.exe 
       AVAST Software Avast AvastUI.exe 
      ``````````End of Log````````````

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
      « Reply #3 on: April 11, 2012, 06:26:09 PM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      *************************************************
      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.

      •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:

      •Close browsers before scanning
      •Scan for tracking cookies
      •Terminate memory threats before quarantining
      Please leave the others unchecked

      •Click the Close button to leave the control center screen.

      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes

      •To retrieve the removal information please do the following:
      •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      •Click Preferences. Click the Statistics/Logs tab.

      •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

      •It will open in your default text editor (preferably Notepad).
      •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      *Copy and Paste the log in your post.
      *********************************************
      Please download Malwarebytes Anti-Malware from here.
      Double-click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      **************************************************
      Download Combofix from any of the links below, and save it to your DESKTOP

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:

      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:

      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.

      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
      Windows 8 and Windows 10 dual boot with two SSD's
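The MBAM report the steps above ask the poster to paste back has a regular layout, and the first things a responder reads off it are the entries still marked for deletion on reboot (the machine is not clean until it has been restarted) and any file name that turns up in several directories. The following Python is an added example, not code from this thread or from Malwarebytes; `SAMPLE_LOG` is a constructed report in that layout, built from the kinds of entries posted later in the thread, and the function names are my own.

```python
"""Triage of a Malwarebytes Anti-Malware (MBAM 1.x) text report.
Added example, not code from this thread or from Malwarebytes.  The report lists
detections under "<Section> Detected: N" headers, one object per line, ending
with the action MBAM took.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# "Files Detected: 9", "Memory Processes Detected: 1", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path> (<threat>) [-> <pid>] -> <action>."; the pid appears only for processes.
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str
    pid: Optional[int] = None

    @property
    def pending_reboot(self) -> bool:
        # MBAM could not remove the object while it was in use; removal is
        # queued for the next boot, so the machine is not clean until restarted.
        return "reboot" in self.action.lower()


def declared_counts(text: str) -> dict:
    """Counts MBAM itself printed in the section headers."""
    counts = {}
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m.group("section")] = int(m.group("count"))
    return counts


def parse_mbam_log(text: str) -> list:
    """Every detection line in the report, tagged with the section it sits in."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
        elif line and section and not line.startswith("(No malicious"):
            m = ITEM_RE.match(line)
            if m:
                pid = int(m.group("pid")) if m.group("pid") else None
                found.append(Detection(section, m.group("path"), m.group("threat"),
                                       m.group("action"), pid))
    return found


def multi_location_names(dets: list) -> dict:
    """File names found in more than one directory (one dropper, many copies)."""
    by_name = defaultdict(set)
    for d in dets:
        if d.section == "Files":
            # Windows paths; the log mixes upper and lower case for the same file.
            by_name[d.path.rsplit("\\", 1)[-1].lower()].add(d.path.lower())
    return {n: sorted(p) for n, p in by_name.items() if len(p) > 1}


def triage(text: str) -> dict:
    """Summary a responder can act on, plus a check that nothing was mis-parsed."""
    dets = parse_mbam_log(text)
    parsed = Counter(d.section for d in dets)
    return {
        "total": len(dets),
        # every header count must equal the number of lines parsed under it
        "counts_match": all(parsed.get(s, 0) == n
                            for s, n in declared_counts(text).items()),
        "running_processes": [(d.path, d.pid) for d in dets
                              if d.section == "Memory Processes"],
        "pending_reboot": sorted({d.path.lower() for d in dets if d.pending_reboot}),
        "multi_location": multi_location_names(dets),
    }


# Constructed sample in MBAM's layout, built from the kinds of entries posted in
# this thread (a random-hex file in Windows\Temp running as a process, syshost.exe
# copied into several Temp directories).  Not a real scan result.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\Temp\6f9ffa35191f0666 (Rootkit.TDSS) -> 2992 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\Temp\6f9ffa35191f0666 (Rootkit.TDSS) -> Delete on reboot.
C:\Users\Example\AppData\LocalLow\Example\Cache\01C4ECD7.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\users\example\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
"""
```

Running `triage(SAMPLE_LOG)` reports the process still resident in memory, four paths queued for deletion on reboot and syshost.exe present in three directories, which is the pattern the helper's "restart immediately" instruction is meant to close out.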

      redneondot

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
        « Reply #4 on: April 11, 2012, 10:40:12 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 04/11/2012 at 09:40 PM

        Application Version : 5.0.1146

        Core Rules Database Version : 8445
        Trace Rules Database Version: 6257

        Scan type       : Complete Scan
        Total Scan Time : 00:36:47

        Operating System Information
        Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
        UAC On - Limited User

        Memory items scanned      : 548
        Memory threats detected   : 0
        Registry items scanned    : 34404
        Registry threats detected : 0
        File items scanned        : 110403
        File threats detected     : 132

        Adware.Tracking Cookie

        PUP.CNETInstaller
           C:\USERS\BIJEAUX FAMILY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\A2A77H75\CNET2_SPYWARETERMINATORSETUP_EXE.EXE
           C:\USERS\BIJEAUX FAMILY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\XNLZTRS4\CNET2_SOPHOS CONFICKER CLEANUP TOOL_MSI.EXE
           C:\USERS\BIJEAUX FAMILY\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_SOPHOS CONFICKER CLEANUP TOOL_MSI.EXE
           C:\USERS\BIJEAUX FAMILY\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_SPYWARETERMINATORSETUP_EXE.EXE

        Rogue.Agent/Gen-Nullo[BIN]
           C:\WINDOWS\SYSTEM32\REGHIVEDATA.BIN




        Malwarebytes Anti-Malware (Trial) 1.61.0.1400
        www.malwarebytes.org

        Database version: v2012.04.12.01

        Windows Vista Service Pack 2 x86 NTFS
        Internet Explorer 9.0.8112.16421
        Bijeaux Family :: BIJEAUXFAMIL-PC [administrator]

        Protection: Disabled

        4/11/2012 10:41:06 PM
        mbam-log-2012-04-11 (22-41-06).txt

        Scan type: Full scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 301492
        Time elapsed: 24 minute(s), 46 second(s)

        Memory Processes Detected: 1
        C:\Windows\Temp\6f9ffa35191f0666 (Rootkit.TDSS) -> 2992 -> Delete on reboot.

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 9
        C:\Windows\Temp\6f9ffa35191f0666 (Rootkit.TDSS) -> Delete on reboot.
        C:\Users\Bijeaux Family\AppData\LocalLow\DotSpot_2kEI\Installr\Cache\01C4ECD7.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
        C:\Users\Bijeaux Family\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\00BD85A6.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
        c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
        c:\users\administrator\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
        c:\users\bijeaux family\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
        c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
        c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
        c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.

        (end)



        ComboFix 12-04-11.03 - Bijeaux Family 04/11/2012  23:23:08.1.2 - x86
        Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3069.2159 [GMT -5:00]
        Running from: c:\users\Bijeaux Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNXLD7QY\ComboFix.exe
        SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\users\Bijeaux Family\AppData\Roaming\log.txt
        c:\users\Bijeaux Family\Documents\ShopToWin
        c:\windows\system32\drivers\a635242095ee24.sys . . . . Failed to delete
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        -------\Service_syshost32
        -------\Legacy_a635242095ee24
        -------\Service_a635242095ee24
        .
        .
        (((((((((((((((((((((((((   Files Created from 2012-03-12 to 2012-04-12  )))))))))))))))))))))))))))))))
        .
        .
        2012-04-12 02:46 . 2012-04-12 02:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2012-04-12 02:46 . 2012-04-04 20:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-04-12 01:53 . 2012-04-12 01:53   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\SUPERAntiSpyware.com
        2012-04-12 01:53 . 2012-04-12 01:53   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2012-04-12 01:53 . 2012-04-12 01:53   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2012-04-12 01:37 . 2012-04-12 01:37   --------   d-----w-   c:\program files\Java
        2012-04-11 23:56 . 2012-04-11 23:56   101391   ----a-w-   c:\programdata\1334188428.bdinstall.bin
        2012-04-11 23:56 . 2012-04-11 23:56   --------   d-----w-   c:\program files\Bitdefender
        2012-04-11 23:45 . 2012-04-11 23:45   --------   d-----w-   c:\program files\Google
        2012-04-11 23:45 . 2012-03-06 23:01   20696   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
        2012-04-11 23:45 . 2012-03-06 23:03   337880   ----a-w-   c:\windows\system32\drivers\aswSP.sys
        2012-04-11 23:45 . 2012-03-06 23:02   35672   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
        2012-04-11 23:45 . 2012-03-06 23:01   53848   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
        2012-04-11 23:45 . 2012-03-06 23:03   612184   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
        2012-04-11 23:45 . 2012-03-06 23:01   57688   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
        2012-04-11 23:44 . 2012-03-06 23:15   41184   ----a-w-   c:\windows\avastSS.scr
        2012-04-11 23:44 . 2012-03-06 23:15   201352   ----a-w-   c:\windows\system32\aswBoot.exe
        2012-04-11 23:44 . 2012-04-11 23:44   --------   d-----w-   c:\programdata\AVAST Software
        2012-04-11 23:44 . 2012-04-11 23:44   --------   d-----w-   c:\program files\AVAST Software
        2012-04-11 21:25 . 2012-04-11 21:25   --------   d-----w-   c:\windows\Sun
        2012-04-11 21:14 . 2012-04-11 21:15   213210   ----a-w-   c:\programdata\1334171976.bdinstall.bin
        2012-04-11 20:21 . 2012-04-11 20:21   --------   d-----w-   c:\programdata\BDLogging
        2012-04-11 19:32 . 2012-04-11 19:32   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\QuickScan
        2012-04-11 19:09 . 2012-04-11 23:56   --------   d-----w-   c:\program files\Common Files\Bitdefender
        2012-04-11 17:07 . 2012-04-11 17:07   65536   ----a-r-   c:\users\Bijeaux Family\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
        2012-04-11 17:07 . 2012-04-11 17:07   65536   ----a-r-   c:\users\Bijeaux Family\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
        2012-04-11 17:07 . 2012-04-11 17:07   65536   ----a-r-   c:\users\Bijeaux Family\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
        2012-04-11 17:07 . 2012-04-11 17:07   --------   d-----w-   c:\program files\Sophos
        2012-04-11 15:30 . 2012-04-11 15:30   --------   d-----w-   c:\windows\system32\MpEngineStore
        2012-04-11 06:44 . 2012-04-11 06:44   --------   d-----w-   c:\program files\COMODO
        2012-04-11 05:27 . 2012-04-11 05:27   --------   d-----w-   c:\programdata\RegSERVO
        2012-04-11 05:26 . 2012-04-11 05:26   --------   d-----w-   c:\program files\REGSERVO
        2012-04-11 04:59 . 2012-04-11 06:04   --------   d-----w-   c:\programdata\SecTaskMan
        2012-04-11 04:59 . 2012-04-11 04:59   --------   d-----w-   c:\program files\Security Task Manager
        2012-04-11 03:26 . 2012-04-11 03:24   1081112   ----a-w-   c:\windows\system32\wuaueng (1).dll
        2012-04-11 03:14 . 2012-04-11 03:14   0   ----a-w-   c:\windows\system32\reset.cmd
        2012-04-11 02:03 . 2011-06-21 16:24   32768   ----a-w-   c:\windows\system32\drivers\sp_rsdrv2.sys
        2012-04-11 02:02 . 2012-04-11 19:52   --------   d-----w-   c:\program files\Spyware Terminator
        2012-04-11 00:47 . 2012-04-11 00:49   --------   d-----w-   C:\6222442e9022c34053a88e
        2012-04-11 00:33 . 2012-04-11 19:52   --------   d-----w-   c:\windows\MATS
        2012-04-11 00:33 . 2012-04-11 19:52   --------   d-----w-   c:\program files\Microsoft Fix it Center
        2012-03-30 01:38 . 2012-03-30 01:38   18944   ----a-r-   c:\users\Bijeaux Family\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
        2012-03-30 01:38 . 2012-03-30 01:38   --------   d-----w-   c:\users\Bijeaux Family\AppData\Local\I Want This
        2012-03-27 20:22 . 2012-04-11 01:59   --------   d-----w-   C:\temp
        2012-03-27 20:22 . 2012-03-27 20:27   --------   d-----w-   c:\windows\SystemRepair
        2012-03-27 20:22 . 2012-03-27 20:22   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\AOL
        2012-03-27 20:21 . 2012-04-11 00:05   --------   d-----w-   c:\program files\AOL Computer Checkup
        2012-03-27 00:00 . 2012-03-27 00:00   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\Floodlight Games
        2012-03-27 00:00 . 2012-03-27 00:00   --------   d-----w-   c:\programdata\Floodlight Games
        2012-03-22 20:50 . 2012-04-09 05:05   --------   d--h--w-   c:\program files\InstallShield Installation Information
        2012-03-22 20:50 . 2012-03-22 20:52   --------   d-----w-   c:\program files\GMATPrep
        2012-03-21 22:24 . 2012-03-21 22:24   --------   d-----w-   c:\programdata\GameTap Web Player
        2012-03-21 02:03 . 2012-03-21 02:03   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\FamilyVacationCalifornia
        2012-03-19 18:56 . 2012-03-19 18:56   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\PlayFirst
        2012-03-19 18:56 . 2012-03-19 18:56   --------   d-----w-   c:\programdata\PlayFirst
        2012-03-19 04:52 . 2012-03-19 04:52   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\PeerNetworking
        2012-03-18 20:00 . 2012-03-18 20:00   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\Virtual Prophecy
        2012-03-14 23:13 . 2012-03-14 23:13   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\HitPoint Studios
        2012-03-14 23:13 . 2012-03-14 23:13   --------   d-----w-   c:\programdata\HitPoint Studios
        2012-03-14 22:55 . 2012-03-15 00:19   --------   d-----w-   c:\users\Bijeaux Family\AppData\Roaming\Freshy
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-04-12 01:37 . 2012-02-14 04:30   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2012-04-05 22:30 . 2012-01-21 19:02   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-02-19 19:08 . 2012-02-19 19:07   300187612   ----a-w-   c:\program files\reg.reg
        2012-02-19 18:54 . 2012-02-19 18:54   1329   ----a-w-   c:\program files\reset.cmd
        2012-02-19 18:54 . 2012-02-19 18:54   379392   ----a-w-   c:\program files\subinacl.msi
        2012-02-19 16:06 . 2012-02-19 16:06   512992   ----a-w-   c:\program files\sdsetup_revwire207.exe
        2012-02-17 21:45 . 2012-02-17 21:45   447208   ----a-w-   c:\windows\system32\drivers\avckf.sys
        2012-02-15 17:08 . 2012-02-15 17:08   348256   ----a-w-   c:\programdata\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
        2012-02-15 17:07 . 2012-02-15 17:07   348256   ----a-w-   c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
        2012-02-15 17:06 . 2012-02-15 17:06   416   ----a-w-   c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
        2012-02-01 02:26 . 2012-02-01 04:18   131194   ----a-w-   C:\steambackup.exe
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
        @="{472083B0-C522-11CF-8763-00608CC02F24}"
        [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
        2012-03-06 23:15   123536   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
        "EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
        "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-01-29 421888]
        "MakiwaraNotify"="c:\program files\AOL Computer Checkup\sdccont.exe" [2012-01-20 816536]
        "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute   REG_SZ            
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
        S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
        S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
        S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
        .
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - A635242095EE24
        *NewlyCreated* - WS2IFSL
        *Deregistered* - a635242095ee24
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
        LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:30]
        .
        2012-03-28 c:\windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job
        - c:\program files\AOL Computer Checkup\sdccont.exe [2012-01-20 10:54]
        .
        2012-04-11 c:\windows\Tasks\RegSERVO.job
        - c:\program files\REGSERVO\RegSERVO.exe [2010-08-19 16:45]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = about:blank
        mStart Page = about:blank
        IE: Lookup on Merriam Webster
        IE: Lookup on Wikipedia
        IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
        TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
        DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
        .
        - - - - ORPHANS REMOVED - - - -
        .
        URLSearchHooks-{f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
        URLSearchHooks-{e4878b45-e2c0-4307-b6e8-734922f92f5b} - (no file)
        Toolbar-10 - (no file)
        WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)
        WebBrowser-{D1C40BDF-7D78-4F25-8751-E772413A6CF0} - (no file)
        WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
        WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
        WebBrowser-{E4878B45-E2C0-4307-B6E8-734922F92F5B} - (no file)
        WebBrowser-{CD3FEA81-A221-4E47-983E-F7DA6E62B59D} - (no file)
        HKCU-Run-Comp_isv - c:\programdata\comprver.dll
        MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
        .
        .
        .
        **************************************************************************
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files:
        .
        **************************************************************************
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\a635242095ee24]
        "ImagePath"="\SystemRoot\System32\Drivers\a635242095ee24.sys"
        --
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\syshost32]
        "ImagePath"="\"c:\windows\Installer\{B06C668B-58C3-BE66-7ED1-74E15E7E28A3}\syshost.exe\" /service"
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
        @Denied: (2) (LocalSystem)
        "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
           1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
        .
        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (LocalSystem)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,ba,d6,2e,49,22,65,48,86,75,6e,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,ba,d6,2e,49,22,65,48,86,75,6e,\
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\atiesrxx.exe
        c:\program files\AOL Computer Checkup\SDCService.exe
        c:\windows\system32\atieclxx.exe
        c:\windows\system32\lxdncoms.exe
        c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
        c:\windows\system32\locator.exe
        c:\windows\RtHDVCpl.exe
        c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
        c:\windows\TEMP\6f9ffa35191f0666
        .
        **************************************************************************
        .
        Completion time: 2012-04-11  23:34:45 - machine was rebooted
        ComboFix-quarantined-files.txt  2012-04-12 04:34
        .
        Pre-Run: 736,278,319,104 bytes free
        Post-Run: 736,419,139,584 bytes free
        .
        - - End Of File - - E5882730A36942FA1A1174ACA06F3AAE
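The Malwarebytes and ComboFix output above both contain entries the tools could only schedule ("Delete on reboot") or could not remove at all ("Failed to delete"). As an added example, not code from either tool or from this thread, here is a Python parser for the two line shapes shown in those logs that collects such entries and re-checks the paths after the reboot; the regexes assume only the line formats quoted above, and the sample lines are copied from those logs.

```python
"""Post-reboot verification list built from Malwarebytes and ComboFix logs.

Added example for this thread, not code from Malwarebytes, ComboFix or the
forum.  It keeps the entries a scanner could only schedule for removal or
failed to remove, so nothing is assumed gone just because a log said it
would be handled on reboot.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Malwarebytes detection line, e.g.
#   C:\Windows\Temp\6f9ffa35191f0666 (Rootkit.TDSS) -> 2992 -> Delete on reboot.
# The optional middle field is the process id on "Memory Processes" lines.
MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>[^.]+)\.$"
)

# ComboFix "Other Deletions" entry that stayed on disk, e.g.
#   c:\windows\system32\drivers\a635242095ee24.sys . . . . Failed to delete
CF_FAILED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+)(?: \.)+ Failed to delete$")


@dataclass(frozen=True)
class PendingItem:
    path: str
    threat: str
    action: str
    pid: Optional[int] = None  # set when the scanner found the file running


def parse_mbam(text: str) -> List[PendingItem]:
    """Detections Malwarebytes could not quarantine immediately."""
    found = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and m.group("action").lower() == "delete on reboot":
            pid = int(m.group("pid")) if m.group("pid") else None
            found.append(PendingItem(m.group("path"), m.group("threat"),
                                     m.group("action"), pid))
    return found


def parse_combofix(text: str) -> List[PendingItem]:
    """Deletions ComboFix reported as failed."""
    found = []
    for line in text.splitlines():
        m = CF_FAILED_RE.match(line.strip())
        if m:
            found.append(PendingItem(m.group("path"), "ComboFix", "Failed to delete"))
    return found


def pending_paths(*logs: List[PendingItem]) -> Dict[str, PendingItem]:
    """Merge items from several logs, keyed by case-folded path (NTFS paths are
    case-insensitive).  An entry that carries a pid wins over a plain file
    entry for the same path so the running-process evidence is kept."""
    merged: Dict[str, PendingItem] = {}
    for items in logs:
        for item in items:
            key = item.path.lower()
            if key not in merged or (item.pid is not None and merged[key].pid is None):
                merged[key] = item
    return merged


def recheck(pending: Dict[str, PendingItem],
            exists: Callable[[str], bool] = os.path.exists) -> Dict[str, bool]:
    """Map each pending path to True if it is still present after the reboot.
    `exists` is injectable so the logic can be exercised off the infected box."""
    return {item.path: exists(item.path) for item in pending.values()}


# Constructed sample input: lines copied from the logs quoted in the post above.
MBAM_SAMPLE = """\
Memory Processes Detected: 1
C:\\Windows\\Temp\\6f9ffa35191f0666 (Rootkit.TDSS) -> 2992 -> Delete on reboot.

Files Detected: 9
C:\\Windows\\Temp\\6f9ffa35191f0666 (Rootkit.TDSS) -> Delete on reboot.
C:\\Users\\Bijeaux Family\\AppData\\LocalLow\\DotSpot_2kEI\\Installr\\Cache\\01C4ECD7.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
c:\\windows\\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\\users\\bijeaux family\\appdata\\local\\temp\\syshost.exe (Spyware.Agent) -> Delete on reboot.
"""

COMBOFIX_SAMPLE = """\
c:\\users\\Bijeaux Family\\AppData\\Roaming\\log.txt
c:\\windows\\system32\\drivers\\a635242095ee24.sys . . . . Failed to delete
"""

if __name__ == "__main__":
    merged = pending_paths(parse_mbam(MBAM_SAMPLE), parse_combofix(COMBOFIX_SAMPLE))
    # Simulated post-reboot state: only the rootkit driver survived.
    still_there = recheck(merged, exists=lambda p: p.endswith("a635242095ee24.sys"))
    for path, present in still_there.items():
        print(f"{'STILL PRESENT' if present else 'gone':13} {path}")
```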



        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
        « Reply #5 on: April 12, 2012, 11:38:48 AM »
        Start Malwarebytes and go to the More Tools tab. There you'll find a button named Run Tool to run FileASSASSIN.

        Then browse to this file: c:\windows\system32\drivers\a635242095ee24.sys 

        Select that file and click OK, then Yes to remove it.

        ******************************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's

        redneondot

          Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
          « Reply #6 on: April 13, 2012, 01:42:39 AM »
          Says I don't have permission to open file a635242095ee24.sys

          SuperDave

          Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
          « Reply #7 on: April 13, 2012, 12:40:20 PM »
          Copy and paste the text in the code box below into Notepad.
          @echo off
          rem Delete the rootkit driver that ComboFix reported as "Failed to delete".
          del c:\windows\system32\drivers\a635242095ee24.sys
          exit

          Then click File > Save as
          Save to the Desktop as blackpudding.bat
          And Save as type: All Files.

          Double-click on blackpudding.bat to run it.
          **********************************************
          Please run the next scan and post the log.

          adsent5997890



            Newbie

            • Experience: Beginner
            • OS: Unknown
            Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
            « Reply #8 on: April 14, 2012, 02:04:39 AM »
            Says I don't have permission to open file a635242095ee24.sys

            redneondot

              Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
              « Reply #9 on: April 14, 2012, 10:17:57 AM »
              I ran blackpudding.bat and it only remained on the screen for a split second. I no longer see the a635242095ee24.sys file though.

              After clicking create log on SysProt it states "Failed to start service. SysProt AntiRootkit needs to be run with Admin privileges". I started the program with "run as administrator". I clicked Ok and the "scanning for hidden files and folders" window came up anyway. I scanned the root drive and waited over an hour but the program is still not responding.

              The SysProt folder does have a log file though;

               SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              No Hidden Kernel Modules found

              ******************************************************************************************
              ******************************************************************************************
              No SSDT Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No hidden files/folders found

              SuperDave

              Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
              « Reply #10 on: April 14, 2012, 11:20:27 AM »
              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Windows 8 and Windows 10 dual boot with two SSD's

              redneondot

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Unknown
                Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
                « Reply #11 on: April 15, 2012, 02:03:19 AM »
                C:\Qoobox\Quarantine\C\Windows\System32\drivers\_a635242095ee24_.sys.zip   a variant of Win32/Rootkit.Kryptik.HT trojan
                C:\Users\Bijeaux Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\564560ac-35b90c87   Java/Exploit.Agent.NAT trojan

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Conficker virus deleted wuaueng.dll and screwed up admin controls
                « Reply #12 on: April 15, 2012, 11:09:59 AM »
                If there are no other issues, we can do some cleanup.

                To set a new Restore Point.

                Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
                Click the Start button , click Control Panel, click System and Maintenance, and then click System.
                In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
                To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
                This will give you a new, clean Restore Point.
                ***********************************************
                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                *************************************************
                Use the Secunia Software Inspector to check for out of date software.

                •Click Start Now

                •Check the box next to Enable thorough system inspection.

                •Click Start

                •Allow the scan to finish and scroll down to see if any updates are needed.
                •Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!
                Windows 8 and Windows 10 dual boot with two SSD's
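The "new, clean Restore Point" step in Reply #12 (turn System Protection off, back on, then create a fresh point) can also be scripted. This is an added example, not SuperDave's or the forum's own procedure; it uses Windows PowerShell's built-in System Restore cmdlets and assumes an elevated session and that the system drive is C:\.

```powershell
# Added example: script the clean-restore-point step from the cleanup post.
# Assumptions: run from an elevated (Run as Administrator) PowerShell session;
# the protected drive is C:\ (change $Drive if yours differs).
$Drive = "C:\"
$Description = "Clean restore point after malware cleanup"

# System Restore changes need admin rights; stop early if we are not elevated.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell session."
}

# Show what exists now, so the before/after difference is visible.
Write-Host "Restore points before cleanup:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# Step 1: turning System Protection off for the drive discards every existing
# restore point on it (same effect as clearing the check box in the GUI).
# That is the point of the step: old restore points may still hold infected files.
Disable-ComputerRestore -Drive $Drive

# Step 2: turn protection back on so the drive is covered again.
Enable-ComputerRestore -Drive $Drive

# Step 3: create the fresh restore point.
# Note (newer Windows only): on Windows 8 and later, Checkpoint-Computer creates
# at most one restore point per 24 hours unless the
# SystemRestorePointCreationFrequency registry value is set to 0.
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# Verify the new point really exists before relying on it.
$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($latest -and $latest.Description -eq $Description) {
    Write-Host "Created restore point #$($latest.SequenceNumber): $($latest.Description)"
} else {
    Write-Warning "Restore point was not created; check System Protection settings."
}
```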