WiredWX Hobby Weather Tools

 


"You may not have the appropriate permission to access the item."

2 posters

I cannot run anything on my system, avg, spyware malware, regedit, MBAM... It all started w/ trying to fix the virus antivirus vista 2010 and now through attempting to fix that I am stuck and cannot open anything. I ran SystemLook and this is what it gave me.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:40 on 01/03/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll --a--c 315392 bytes [05:41 22/11/2008] [12:00 25/03/2005] A832D97D4113E28DB89C33219D9E7D20
C:\Windows.old\Windows\ServicePackFiles\amd64\scecli.dll --a--- 315392 bytes [05:45 22/11/2008] [05:54 17/02/2007] 40453F57AAC02F32F785642F5C2E211E
C:\Windows.old\Windows\system32\scecli.dll --a--- 315392 bytes [05:44 22/11/2008] [05:54 17/02/2007] 40453F57AAC02F32F785642F5C2E211E
C:\Windows.old\Windows\SysWOW64\scecli.dll --a--- 188928 bytes [12:00 25/03/2005] [16:05 18/02/2007] E7B7FD7D8907DADED4928E922608887F
C:\Windows\System32\scecli.dll --a--- 177152 bytes [12:40 20/10/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [02:22 21/01/2008] [02:22 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a--- 177152 bytes [12:40 20/10/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll --a--c 681984 bytes [05:41 22/11/2008] [12:00 25/03/2005] 918FF7D96DE11D01DBA8BFFB3218C5A0
C:\Windows.old\Windows\ServicePackFiles\amd64\netlogon.dll --a--- 681472 bytes [05:45 22/11/2008] [05:40 17/02/2007] BFF99E983A1F35B4E8AA74DEA19D014B
C:\Windows.old\Windows\system32\netlogon.dll --a--- 681472 bytes [05:44 22/11/2008] [05:40 17/02/2007] BFF99E983A1F35B4E8AA74DEA19D014B
C:\Windows.old\Windows\SysWOW64\netlogon.dll --a--- 430592 bytes [12:00 25/03/2005] [16:05 18/02/2007] 451564B8F22461D90CF8ED3945637845
C:\Windows\System32\netlogon.dll --a--- 592896 bytes [12:40 20/10/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [02:22 21/01/2008] [02:22 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a--- 592896 bytes [12:40 20/10/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll --a--c 130048 bytes [05:41 22/11/2008] [12:00 25/03/2005] 2C1641EFCDA764DCC29E01A528F227A1
C:\Windows.old\Windows\ServicePackFiles\amd64\eventlog.dll --a--- 130560 bytes [05:45 22/11/2008] [05:20 17/02/2007] 589B15B2B3254E2745CB205243EB8588
C:\Windows.old\Windows\system32\eventlog.dll --a--- 130560 bytes [05:44 22/11/2008] [05:20 17/02/2007] 589B15B2B3254E2745CB205243EB8588

-=End Of File=-

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Ok well on the plus side I think that it removed the virus. Once it was done running it automatically restarted. Once I tried to open anything like IE or notepad another window popped up and tells me "choose the program you want to use to open this file" then once I choose something it just opens through notepad and is displayed in code. Other programs such as SystemLook come up w/ an error message C:\users\administrator\desktop\systemlook.txt is not a valid win32 application; or it says windows installer could not be accessed... So I crossed one bridge and ran into 5 more...

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The same thing happened when I attempted this, it tried to have me open it through another program. I tried clicking "look for appropriate program on the web" but nothing is ever found. Then when I tried to re-download MBAM and open it, I get the message "C:\user\administrator\downloads\mbam-setup(3).exe application not found"


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    Once again, I download it and I get the message "Choose the program..." once I try to open it. Really stuck here, whatever the source of this is, it is keeping me from opening anything... I am hoping I didn't delete something wrong from my processes while trying to get rid of that virus... Whatever it is though it is allowing me to open Firefox through my Comcast account shortcut.

    Ok. We're not done trying to beat it.

    Please download exeHelper

    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    exeHelper by Raktor
    Build 20091220
    Run at 21:50:32 on 03/03/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Now can you start the program I needed you to do?

    Unfortunately I still can't open the programs, still get "choose the program..." message. And shortly after I posted that message my comp went to blue screen and crashed and now is running very slowly. I am going to try and run it in safe mode to see if that helps at all. I really appreciate all this help, even if we can't figure it out... any more miracles up your sleeve?

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Alternate link: Forospyware.com


    Rename ComboFix.exe to commy.bat before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.bat" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    Ok so when I go to download it, I don't get an option to rename it. Where there is generally a txt box to change it is solid, I can't even choose where it goes. Now once it is downloaded I can change title of it, but I don't know if that is actually reformatting the program, and it is always sent right to my downloads file. Now I can right click it and it comes up with the option of run as administrator... but I am not sure if that's how I am supposed to run it...

    So you could not rename it?

    What about renaming it after it is downloaded? Try that, then start it from the run box.

    Awesome, it ran, and I can open some of the programs now. Here's the code it came up with.

    ComboFix 10-03-04.02 - Administrator 03/04/2010 18:44:42.1.4 - x86 NETWORK
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2832 [GMT -5:00]
    Running from: c:\users\Administrator\Desktop\commy.bat
    Command switches used :: /stepdel
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Adobe\254857257.old
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500
    c:\windows\system32\gogogahi.exe
    c:\windows\system32\lesohufu.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc1.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc2.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc4.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\desktop.ini
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\INFO2
    C:\Thumbs.db
    c:\users\ADMINI~1\AppData\Local\Temp\install_flash_player.exe
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\0ya5N88M.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\820504.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\boaOBM0By.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\L7yXyXYA.jpg
    c:\windows\system32\app_dll.dll
    c:\windows\system32\gefuwami.dll
    c:\windows\system32\jivafiti.dll
    c:\windows\system32\kalomawu.dll
    c:\windows\system32\kugewape.dll
    c:\windows\system32\liseruka.dll
    c:\windows\system32\meruyuva.dll
    c:\windows\system32\nipawivo.dll
    c:\windows\system32\nizukipu.dll
    c:\windows\system32\piseraho.dll
    c:\windows\system32\pubinibu.dll
    c:\windows\system32\tafiwizo.dll
    c:\windows\system32\torazovi.dll
    c:\windows\system32\tugufiki.dll
    c:\windows\system32\twain_32.dll
    c:\windows\system32\vogakape.dll
    c:\windows\system32\yavawoji.dll
    c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
    .

    2010-03-04 23:51 . 2010-03-04 23:51 -------- d-----w- c:\users\Temp\AppData\Local\temp
    2010-03-04 23:10 . 2010-03-04 23:10 -------- d-----w- C:\commy
    2010-03-04 02:12 . 2010-03-04 02:12 680 ----a-w- c:\users\Temp\AppData\Local\d3d9caps.dat
    2010-03-04 02:12 . 2010-03-04 02:12 100432 ----a-w- c:\users\Temp\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-04 02:11 . 2010-03-04 02:12 -------- d-----w- c:\users\Temp\AppData\Local\Apple Computer
    2010-03-04 02:11 . 2010-03-04 02:12 -------- d-----w- c:\users\Temp\AppData\Roaming\Apple Computer
    2010-03-04 02:10 . 2010-03-04 02:10 -------- d-----w- c:\users\Temp\AppData\Local\Adobe
    2010-03-04 02:08 . 2010-03-04 02:08 -------- d-----w- c:\users\Temp\AppData\Local\Mozilla
    2010-03-02 12:19 . 2010-03-02 12:19 -------- d-----w- c:\program files\ESET
    2010-02-28 15:48 . 2010-02-28 15:48 169100 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-24 06:03 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-24 06:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-24 06:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-02-24 06:02 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-24 06:02 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-24 06:02 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-02-24 06:02 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-24 06:02 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-24 06:02 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-24 06:02 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-24 06:02 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-02-24 06:02 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-02-24 06:02 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-08 12:46 . 2010-02-08 12:46 -------- d-----w- c:\program files\iPod
    2010-02-08 12:46 . 2010-03-03 01:49 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-04 23:47 . 2008-02-05 17:18 655214 ----a-w- c:\windows\system32\perfh019.dat
    2010-03-04 23:47 . 2008-02-05 17:18 126030 ----a-w- c:\windows\system32\perfc019.dat
    2010-03-02 12:31 . 2009-11-30 00:05 -------- d-----w- c:\program files\QuickTime
    2010-03-02 12:31 . 2009-07-28 21:59 -------- d-----w- c:\program files\PeerGuardian2
    2010-03-02 12:24 . 2009-01-29 05:37 -------- d-----w- c:\program files\AIM6
    2010-03-02 01:23 . 2009-02-03 01:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Move Networks
    2010-03-01 00:17 . 2009-07-10 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\LimeWire
    2010-02-26 18:16 . 2009-01-29 05:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
    2010-02-26 18:12 . 2009-01-29 05:39 -------- d-----w- c:\programdata\Apple
    2010-02-24 14:16 . 2009-10-03 05:03 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 12:41 . 2009-01-28 19:37 100432 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-11 08:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-08 12:46 . 2009-01-29 05:39 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-08 12:44 . 2010-02-08 12:44 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-01-30 01:07 . 2009-02-17 00:21 -------- d-----w- c:\program files\Google
    2010-01-27 01:46 . 2010-01-27 01:46 144160 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\uninstall.exe
    2010-01-27 01:46 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    2010-01-06 15:38 . 2010-02-24 06:02 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-01-06 15:38 . 2010-02-24 06:02 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-01-06 15:38 . 2010-02-24 06:02 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-01-06 15:38 . 2010-02-24 06:02 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-01-02 06:38 . 2010-01-22 08:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 08:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 06:32 . 2010-01-22 08:17 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 04:57 . 2010-01-22 08:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-11 11:43 . 2010-02-10 11:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-11 11:43 . 2010-02-10 11:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-12-08 20:01 . 2010-02-10 11:26 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-12-08 20:01 . 2010-02-10 11:26 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 20:01 . 2010-02-10 11:26 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 17:26 . 2010-02-10 11:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\bahabona.dll
    1601-01-01 00:03 . 1601-01-01 00:03 95232 --sha-w- c:\windows\System32\hakurevi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\hoyobuva.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\jiponite.dll
    1601-01-01 00:03 . 1601-01-01 00:03 35840 --sha-w- c:\windows\System32\lahuyano.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\lepefihi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\lokudeti.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\lukumeyo.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\merenugu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\modigege.dll
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\mojekogi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\pafikiwu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\setizafu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 95232 --sha-w- c:\windows\System32\tasasifu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\vopidezu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 94208 --sha-w- c:\windows\System32\yakiyetu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\yedonuse.dll
    .

    Code:

    ~[Filtered]~


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont .exe" [2009-04-24 1025320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "pejuhotego"="jivafiti.dll" [N/A]
    "jezeverat"="c:\windows\system32\vogakape.dll" [N/A]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    ""="" [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableInstallerDetection"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=app_dll.dll,tugufiki.dll c:\windows\system32\vogakape.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli tugufiki.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f5,f2,17,c5,69,66,ca,01

    R0 oxdheaor;oxdheaor; [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:07]

    2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\users\Administrator\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{78443a0e-390a-4dcd-889c-10a3386ffb94} - kugewape.dll
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    SharedTaskScheduler-{c423d733-a8d2-4e97-8e34-1d36ab114c2c} - c:\windows\system32\vogakape.dll
    SSODL-finepodus-{c423d733-a8d2-4e97-8e34-1d36ab114c2c} - c:\windows\system32\vogakape.dll



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,0a,fd,d7,17,bb,96,4e,8c,73,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,0a,fd,d7,17,bb,96,4e,8c,73,fb,\

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.avi"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\wordicon.exe"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\wordicon.exe"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-04 19:00:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-05 00:00

    Pre-Run: 355,973,951,488 bytes free
    Post-Run: 356,210,860,032 bytes free

    - - End Of File - - 4590665D38C9F768820E91F423082140
