Many Problems with my computer? (Including Protection System)

I can't install HijackThis or Malware-Bytes or any other Anti-Malware programs! I know Protection System/Pc Security is still stuck partiallyon my PC.

I check my Task Manager often and sometimes my computer slows down and I find that iexplorer.exe is running but I haven't touched Internet Explorer for months!

Whenever I try to click a random desktop icon, a window pops up telling me to find what program to open it with!

It also says there is a problem with Rundll.exe (I think? Something along those lines) and I can't open system restore, device manager, install/uninstall programs, etc.

In Safe Mode, my interet won't work and usually says something along the lines of "Can't find the server at toolbar.ask.com" I don't even go to ask.com.

I have Trend Micro Internet Security installed, and while it's helped, I can't open it anymore because of the Program searcher window.

And just recently, whenever I click a link on Google Search, it opens a new tab and redirects me to a spam site.

Please help!

I have Windows XP Service Pack 2, but I don't have the original bar code thing you need to verify it, even though I have the disk to reinstall it. My computer is also along the lines of 6 years old.


If anyone needs to know anything else, please ask!

Bump!

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

That link is not working for me.

See if this link works:
http://www.sendspace.com/pro/dl/932rpd

It downloaded in the download window, but my computer will not let me open it, and when I right click it, the open and open containing folder options are a dark gray and unselectable.

Hello in task manager do you see the following process: PC_Security2009.exe

No, but when I right click on random things, an option on the right click menu asks," Scan with Protection system" Also, I deleted as much of Protection system as I could trying to get rid of it, but a file called "coreext.dll" won't be deleted from the Protection System Folder on my Program files.

Last edited by blackwolf748 on 29th July 2009, 8:50 pm; edited 1 time in total (Reason for editing : Typo.)

Hello, can you right down all the names the you have in your task manager process list and post them here.

Sure, there's a lot... I never use Internet explorer, but when I delete the process, it comes back in a few minutes.

WISPTIS.exe
iexplorer.exe
wuauclt.exe
taskmgr.exe
firefox.exe
iPodservice.exe
distnoted.exe
WINWORD.exe
ctfmon.exe
iTunes.exe
explorer.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
SfCtlCom.exe
svchost.exe
AppleMobileDevice.exe
svchost.exe
svchost.exe
ati2evxx.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
MDM.exe
TmProxy.exe
TmPfw.exe
CTSVCCDA.exe
mDNSResponder.exe
SyncServicesBasics.exe
AppleMobileDeviceService.exe
TMBMSRV.exe
svchost.exe
spoolsv.exe
System
System Idle Process

Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

• Next run the file; *Note: If running vista right click and select run as administrator
  
• Once opened, navigate to the log tab and select all the areas including the hidden objects only box and click on the create log button
  
• A scan will start and then a window will pop up with two options, select scan all drives
  
• Once finished it will give you a location where it was saved, navigate to that place usually the desktop, and open the log, post all the contents of the log back here.
  

It's still not letting me open any downloads...

We are going to have to do some things in safe mode, also you are going to have to use a Cd or flash drive to transfer files to infected computer:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

I went in safe mode, followed all of your instructions, but it didn't work.

When I tried to download it and renamed it, my firefox download window did the following;
It stopped the download immediately, and had a retry button to click.
I clicked the retry download button, and the download finished as soon as I clicked it.
If I right-click on the download, the options Open containing Folder, Open, and go to download page had darkened text and I could not select them. Other files, like iTunes music files, were fine and I could open them just fine.

See if you can do the following:

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.