WiredWX Christian Hobby Weather Tools

antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello,

Windows installer will not let me download it. It said, "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed." I'm not sure what the deal is or how to correct this problem. Oh, and I am also not running in safe mode. Thanks!!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:14 on 23/09/2009 by Jim (Administrator - Elevation successful)

No Context: filefind

No Context: scecli.dll

No Context: netlogon.dll

No Context: eventlog.dll

No Context: winlogon.exe

No Context: comres.dll

No Context: crypt32.dll

No Context: gpedit.dll

No Context: rundll32.exe

No Context: sfc.dll

No Context: svchost.exe

-=End Of File=-

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello.
You missed the colon before :filefind in the script.
Please re-run it and post the new log.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

hello,
Oops, sorry about that. Thanks for catching that, and again thanks so much for the help!


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:04 on 23/09/2009 by Jim (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\I386\SCECLI.DLL --a--- 174592 bytes [01:40 12/12/2006] [10:00 29/08/2002] 97418A5C642A5C748A28BD7CF6860B57
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [22:32 18/05/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 180224 bytes [04:51 20/09/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [08:09 20/08/2007] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SYSTEM32\scecli.dll ------ 180224 bytes [10:00 29/08/2002] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\I386\NETLOGON.DLL --a--- 399360 bytes [01:39 12/12/2006] [10:00 29/08/2002] 3ADD563ED7A1C66E6F5E0F7A661AA96D
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [22:32 18/05/2009] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [04:51 20/09/2009] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [08:09 20/08/2007] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SYSTEM32\netlogon.dll ------ 407040 bytes [10:00 29/08/2002] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\I386\EVENTLOG.DLL --a--- 49152 bytes [01:36 12/12/2006] [10:00 29/08/2002] BF3C8CF53C77B48206B39910B6D6CBCC
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [22:32 18/05/2009] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [04:51 20/09/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [08:08 20/08/2007] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SYSTEM32\eventlog.dll ------ 56320 bytes [10:00 29/08/2002] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "winlogon.exe"
C:\I386\WINLOGON.EXE --a--- 516608 bytes [01:43 12/12/2006] [10:00 29/08/2002] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [22:32 18/05/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 502272 bytes [04:51 20/09/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [08:09 20/08/2007] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SYSTEM32\winlogon.exe ------ 502272 bytes [10:00 29/08/2002] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\I386\COMRES.DLL --a--- 792064 bytes [01:34 12/12/2006] [10:00 29/08/2002] 1F51839ECCF908FD86558198909262E4
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [22:32 18/05/2009] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [08:08 20/08/2007] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SYSTEM32\comres.dll ------ 792064 bytes [10:00 29/08/2002] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\I386\crypt32.dll --a--- 544256 bytes [01:34 12/12/2006] [22:10 23/09/2002] C4386C3598E8DF9A406B4A3537C997B2
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [22:32 18/05/2009] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [08:08 20/08/2007] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SYSTEM32\crypt32.dll ------ 597504 bytes [18:54 25/08/2004] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\I386\RUNDLL32.EXE --a--- 31744 bytes [01:40 12/12/2006] [10:00 29/08/2002] 0FB22DD37C17F80AD71316049F725170
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [22:32 18/05/2009] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [08:09 20/08/2007] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SYSTEM32\rundll32.exe --a--- 33280 bytes [10:00 29/08/2002] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "sfc.dll"
C:\I386\SFC.DLL --a--- 4096 bytes [01:41 12/12/2006] [10:00 29/08/2002] 52BB2A508CB3EB8AAA5F6F142F5B73D6
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [22:32 18/05/2009] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [04:51 20/09/2009] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [08:09 20/08/2007] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\SYSTEM32\sfc.dll ------ 5120 bytes [10:00 29/08/2002] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\I386\SVCHOST.EXE --a--- 12800 bytes [01:41 12/12/2006] [10:00 29/08/2002] 0F7D9C87B0CE1FA520473119752C6F79
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:32 18/05/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [04:51 20/09/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [08:09 20/08/2007] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe ------ 14336 bytes [10:00 29/08/2002] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716

-=End Of File=-

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

Please go to this page: http://support.microsoft.com/kb/313222 and follow the section Let me fix it myself
If you have any questions, please post back here. If you cannot do it, I can prepare a file to help you.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello again,

I'm very sorry about this, but I cannot use the fix it myself. It said I cannot use this if I am running XP Home Edition, that I would have to use system restore or a backup. I have no restore points available. Again, Thank You!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

So...you typed this:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

into Command Prompt, and got no results?

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

hi,

Yes, it said it does not recognize secedit.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

It is a Windows XP issue. Please download the hotfix to fix the secedit command: http://support.microsoft.com/kb/897327

Then, please try the above again.

Tell me results.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello,

I'm sorry, secedit is still not recognised. Thanks!

Jim

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello,

I was wondering if I had gotten rid of the viruses now and maybe have a completely different problem? Or is this all related to antivirus 2010? Thank You, you guys are awesome!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

I can be sure the viruses are gone, but there is a permissions issue somewhere that is preventing you from accessing a lot of things. I am trying to find the appropriate fix, but most of them have failed.

Is ComboFix still on your Desktop? Please double-click it and do another run, and please post the log in your next reply. If you do not have ComboFix, see the first page of this thread for the download link and instructions.
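
Added example (not written by any poster in this thread, and not SystemLook's own code): a short Python triage of a SystemLook `:filefind` log. It flags live SYSTEM32 copies the tool could not hash, which is the symptom that fits the permissions problem described above, and live copies whose MD5 matches no backup copy on the same disk. The sample log is constructed with placeholder hashes, and treating `C:\WINDOWS\SYSTEM32\` as the live directory is an assumption.

```python
import re

# Constructed sample in the SystemLook ":filefind" output format seen in this
# thread. The hashes are placeholders, not values from a real system.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [08:09 20/08/2007] [00:12 14/04/2008] 11111111111111111111111111111111
C:\WINDOWS\SYSTEM32\rundll32.exe --a--- 33280 bytes [10:00 29/08/2002] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:32 18/05/2009] [07:56 04/08/2004] 22222222222222222222222222222222
C:\WINDOWS\SYSTEM32\svchost.exe ------ 14336 bytes [10:00 29/08/2002] [07:56 04/08/2004] 22222222222222222222222222222222

Searching for "sfc.dll"
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [08:09 20/08/2007] [00:12 14/04/2008] 33333333333333333333333333333333
C:\WINDOWS\SYSTEM32\sfc.dll ------ 5120 bytes [10:00 29/08/2002] [07:56 04/08/2004] 44444444444444444444444444444444

-=End Of File=-
'''

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, six attribute flags, size, [created], [modified], MD5 or error text
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$'
)

# Assumption: the copy Windows actually loads lives here.
LIVE_DIR = "c:\\windows\\system32\\"


def parse_filefind(text):
    """Return {searched name: [entry dicts]} from a SystemLook filefind log."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = results.setdefault(m.group("name").lower(), [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            md5 = m.group("md5")
            current.append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                # None means the tool could not read the file to hash it.
                "md5": None if md5.startswith("(") else md5.upper(),
            })
    return results


def triage(results):
    """Classify each searched file by the state of its live copy."""
    verdicts = {}
    for name, entries in results.items():
        live = [e for e in entries if e["path"].lower() == LIVE_DIR + name]
        refs = {e["md5"] for e in entries
                if e["path"].lower() != LIVE_DIR + name and e["md5"]}
        if not live:
            # May be normal: not every Windows edition ships every file.
            verdicts[name] = "missing"
        elif any(e["md5"] is None for e in live):
            # Could not be opened: check permissions/locks before anything else.
            verdicts[name] = "unreadable"
        elif all(e["md5"] in refs for e in live):
            # Weak evidence only: the backup copies share the same disk.
            verdicts[name] = "matches-local-copy"
        else:
            # Not proof of tampering (a later hotfix also causes this);
            # compare against a known-good source for that exact build.
            verdicts[name] = "no-local-match"
    return verdicts


if __name__ == "__main__":
    for fname, verdict in triage(parse_filefind(SAMPLE_LOG)).items():
        print(f"{fname:15} {verdict}")
```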

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

ComboFix 09-09-18.02 - Jim 09/24/2009 0:21.4.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 12:58 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:02 . 2009-08-21 11:01 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:02 . 2009-08-21 11:01 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=RlD9TCNDbrl.m.ezjD6Pjg&url=http://www.ask.com/web&q={searchTerms}&l=zr&o=sb
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 0:29
ComboFix-quarantined-files.txt 2009-09-24 04:28
ComboFix2.txt 2009-09-20 14:07
ComboFix3.txt 2009-09-20 04:53

Pre-Run: 116,298,412,032 bytes free
Post-Run: 116,255,956,992 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
228 --- E O F --- 2009-09-23 07:00

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

Please remove SpyHunter, as it seems to be contributing to part of the problem. Control Panel > Add or Remove Programs - Find SpyHunter in the list and choose Change/Remove.

==

Restore Permissions for explorer.exe

Please download Inherit by sUBs

  1. Drag and drop explorer.exe (Located in C:\Windows) onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\r.vbs
    c:\windows\c.bat
    c:\windows\m.bat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello,

I now have my desktop! I am still having problems accessing many programs.
Here is combofix.txt. Thanks!


ComboFix 09-09-18.02 - Jim 09/24/2009 15:12.5.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\cfscript.text
* Created a new restore point

FILE ::
"c:\windows\c.bat"
"c:\windows\m.bat"
"c:\windows\r.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\c.bat
c:\windows\m.bat
c:\windows\r.vbs

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 19:03 . 2009-09-24 09:25 85504 ----a-w- c:\windows\Inherit.exe
2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 13:59 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-20_04.50.45 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=RlD9TCNDbrl.m.ezjD6Pjg&url=http://www.ask.com/web&q={searchTerms}&l=zr&o=sb
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
AddRemove-{03CE1BCB-03F5-4C6A-B37E-69799AA3C544} - c:\program files\Enigma Software Group\SpyHunter\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 15:19
ComboFix-quarantined-files.txt 2009-09-24 19:18
ComboFix2.txt 2009-09-24 04:29
ComboFix3.txt 2009-09-20 14:07
ComboFix4.txt 2009-09-20 04:53

Pre-Run: 116,250,562,560 bytes free
Post-Run: 116,206,739,456 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
238 --- E O F --- 2009-09-24 07:00

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Malwarebytes' Anti-Malware 1.41
Database version: 2869
Windows 5.1.2600 Service Pack 3

9/28/2009 10:39:00 PM
mbam-log-2009-09-28 (22-39-00).txt

Scan type: Quick Scan
Objects scanned: 128182
Time elapsed: 56 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jim\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hi

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
OneCare Advisor (Windows Live Toolbar)
Authentium AntiVirus SDK - 2
iolo Antivirus
iolo technologies' System Mechanic Professional
``````````````````````````````
Anti-malware/Other Utilities Check:

Scholastic's I SPY Mystery
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hi

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Are you having any more issues? It seems the malware is gone from your computer.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hey,
Yes, I'm sorry to say but I cannot access add/remove programs. You have been great helping me rid antivirus 2010! Remarkable!
Anyway, here's what I get "C:\windows\system32\rundll32.exe
windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hi

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Please navigate to rundll32.exe which is located in C:\Windows\System32

and take ownership of it: http://support.microsoft.com/kb/308421

Once you have taken ownership, please boot back in to Normal Mode and see if you can access Add or Remove Programs.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello,

Everything in the security tab was checked that I and all users have full permission. I also cannot access many other things in control panel, I get the same message "cannot access the file......" Thanks!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello.
We'll need to unlock more files. Can you run junction.exe like I asked here?
http://www.geekpolice.net/virus-spyware-malware-removal-f11/antivirs-2010-removal-no-desktop-cannot-d-l-and-use-hijk-or-malware-bytes-t14499-15.htm#91776

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\c:\\New Folder\mwbe\mbam.exe: Access is denied.


Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe: Access is denied.



Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SysMech.exe: Access is denied.


Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.


Failed to open \\?\c:\\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe: Access is denied.




Failed to open \\?\c:\\WINDOWS\SYSTEM32\dumprep.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\hkcmd.exe: Access is denied.




Failed to open \\?\c:\\WINDOWS\SYSTEM32\rundll32.exe: Access is denied.


Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe: Access is denied.


No reparse points found.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello.

Please download this file.

Like you did with junction.exe, place inherit.exe into the Windows folder.

Now open a new notepad file.
Input this into the notepad file:

@echo off
rem Run Inherit on each file that Junction reported as "Access is denied"
"inherit.exe" "c:\New Folder\mwbe\mbam.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SysMech.exe"
"inherit.exe" "c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\dumprep.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\hkcmd.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\rundll32.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe"
exit


Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

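The fix.bat in the post above is built from the files Junction reported as "Access is denied". As an added example (not part of the original thread, and not code from the Junction or Inherit authors), this Python script derives that batch file from a saved Junction log instead of retyping the paths by hand. The sample log is constructed, the function names are hypothetical, and the `"inherit.exe" "<path>"` line format is copied from the post.

```python
import re

# Constructed sample: a shortened Junction listing in the same shape as the
# log posted in this thread (progress dots, a sharing violation, and
# access-denied lines).
SAMPLE_LOG = r"""
Junction v1.05 - Windows junction creator and reparse point viewer

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

..
Failed to open \\?\c:\\WINDOWS\SYSTEM32\rundll32.exe: Access is denied.

.No reparse points found.
"""

# A failure line may be glued to leading progress dots. The path never
# contains ": " because a colon is only legal after the drive letter.
FAILED = re.compile(r"^\.*Failed to open (?P<path>.+?): (?P<reason>[^:]+)$")


def normalize(raw):
    """Strip the \\\\?\\ prefix and the doubled separator after the drive."""
    path = raw[4:] if raw.startswith("\\\\?\\") else raw
    return re.sub(r"^([A-Za-z]:)\\+", r"\1\\", path)


def parse_junction_log(text):
    """Return (denied, other).

    denied: paths Junction could not open because access was denied.
    other:  (path, reason) pairs for every other open failure, for example
            files locked by the running system such as pagefile.sys.
    """
    denied, other, seen = [], [], set()
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # banner, progress dots, summary line
        path = normalize(m.group("path"))
        reason = m.group("reason").strip()
        if path.lower() in seen:
            continue  # NTFS paths are case-insensitive; list each file once
        seen.add(path.lower())
        if reason.rstrip(".").lower() == "access is denied":
            denied.append(path)
        else:
            other.append((path, reason))
    return denied, other


def build_fix_script(paths, tool="inherit.exe"):
    """Render the batch file: one quoted tool invocation per denied path."""
    lines = ["@echo off"]
    for p in paths:
        # A literal % in a path must be doubled inside a batch file.
        lines.append('"{}" "{}"'.format(tool, p.replace("%", "%%")))
    lines.append("exit")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    denied_paths, other_failures = parse_junction_log(SAMPLE_LOG)
    print(build_fix_script(denied_paths))
    for path, reason in other_failures:
        print("skipped (not a permissions problem):", path, "-", reason)
```

Files that fail for another reason, such as the in-use pagefile.sys, are reported separately and never written into the batch file.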

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello,

You guys are the bomb!! I can access Add/Remove now and the other things I couldn't before! I'm gonna go and see if I can now remove some of the things suggested before. Thank you so much!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hey again,

I tried to remove the older version of Java but I couldn't. "windows installer is not correctly installed" Thanks!!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Hello.
Don't worry about that for now... Update and run MBAM please.


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes
Malwarebytes' Anti-Malware 1.41
Database version: 2879
Windows 5.1.2600 Service Pack 3

9/30/2009 10:26:08 PM
mbam-log-2009-09-30 (22-26-08).txt

Scan type: Quick Scan
Objects scanned: 131428
Time elapsed: 56 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello.
Let's get this scan going.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double-click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

DDS (Ver_09-09-29.01) - NTFSx86
Run by Jim at 20:07:39.84 on Thu 10/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=RlD9TCNDbrl.m.ezjD6Pjg&url=http://www.ask.com/web&q={searchTerms}&l=zr&o=sb
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 1.0.3705; yie8; yie8)" -"http://www.maidmarian.com/ClubMarian.htm"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iolo AntiVirus] "c:\program files\iolo\system mechanic professional\antivirus\ioloAV.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\new folder\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\documents and settings\jim\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
IE: &Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-01 19:35 --d----- c:\program files\McAfee Security Scan
2009-10-01 19:35 --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-30 23:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 23:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-26 16:10 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-26 16:10 1,409 a------- c:\windows\QTFont.for
2009-09-24 15:10 --d----- C:\ComboFix
2009-09-24 15:03 85,504 a------- c:\windows\inherit.exe
2009-09-23 21:39 491,248 a------- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-23 21:39 55,536 a------- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-23 20:10 --d----- c:\program files\ACW
2009-09-22 01:39 2,855 a------- c:\windows\explorer.PIF
2009-09-22 00:26 --d----- c:\documents and settings\jim\.housecall6.6
2009-09-20 00:45 a-dshr-- C:\cmdcons
2009-09-20 00:26 229,888 a------- c:\windows\PEV.exe
2009-09-20 00:26 161,792 a------- c:\windows\SWREG.exe
2009-09-20 00:26 98,816 a------- c:\windows\sed.exe
2009-09-13 22:46 --d-h--- c:\windows\PIF
2009-09-08 15:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-09-08 07:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 07:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 07:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 07:15 414 a------- C:\spyhunter.fix
2009-09-07 15:54 --d----- c:\windows\system32\wbem\Repository
2009-09-07 06:58 12,537 a------- c:\windows\opybu._sy
2009-09-03 07:45 --d----- c:\docume~1\alluse~1\applic~1\TomTom
2009-09-03 07:36 --d----- c:\program files\TomTom DesktopSuite

==================== Find3M ====================

2009-09-30 05:29 95,616 a------- c:\windows\junction.exe
2009-08-23 23:23 680,960 a------- c:\windows\is-CSKTN.exe
2007-08-20 21:47 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-18 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat

============= FINISH: 20:08:08.70 ===============
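
Added example (not part of the thread, and not code from DDS or its author): a minimal reader for the `Kind: ...` lines of the Pseudo HJT Report posted above, run over a few lines copied from that log. It lists the entries the log marks `No File` and, as a triage heuristic assumed for this example only, Run/RunOnce programs that sit outside `c:\windows` and `c:\program files`; the function names and `USUAL_ROOTS` are illustrative.

```python
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE = r"""
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\new folder\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
"""

RUN_KINDS = {"uRun", "mRun", "uRunOnce", "mRunOnce"}
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")  # assumed for this example

def parse_line(line):
    """Split one 'Kind: ...' line into kind, name and target path."""
    kind, sep, rest = line.partition(": ")
    if not sep:  # settings lines such as "uStart Page = ..." carry no entry
        return None
    rec = {"kind": kind, "name": None, "target": None,
           "no_file": rest.endswith("- No File")}
    if kind in RUN_KINDS:  # [value name] followed by a quoted or bare .exe path
        m = re.match(r'\[(.+?)\]\s+(?:"([^"]+)"|(\S.*?\.exe))', rest, re.I)
        if m:
            rec["name"], rec["target"] = m.group(1), m.group(2) or m.group(3)
    else:  # "Name: {CLSID} - path" or "Name - No File"
        head, _, tail = rest.rpartition(" - ")
        rec["name"] = head.split(": {")[0]
        rec["target"] = None if rec["no_file"] else tail
    return rec

def parse_log(text):
    stripped = (ln.strip() for ln in text.splitlines())
    return [rec for rec in map(parse_line, filter(None, stripped)) if rec]

def missing_file_entries(records):
    """Entries the log itself marks 'No File'."""
    return [(r["kind"], r["name"]) for r in records if r["no_file"]]

def unusual_autostarts(records):
    """Run/RunOnce entries whose program sits outside USUAL_ROOTS."""
    return [(r["name"], r["target"]) for r in records
            if r["kind"] in RUN_KINDS and r["target"]
            and not r["target"].lower().startswith(USUAL_ROOTS)]

if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    print(missing_file_entries(recs), unusual_autostarts(recs))
```

A hit is a prompt for a manual look, not a verdict: on these lines the only autostart flagged is the Malwarebytes cleanup entry installed under `c:\new folder`.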

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

How is your computer running? Are you still having trouble?

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello,

Everything seems to be doing good except I cannot turn my computer off from the start menu or task manager. You guys have been awesome! Thanks!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

Please tell me if this works:

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer. In your case, do the following: open Command Prompt (Start > Run - Type in CMD and hit enter). In the Command Prompt Window, enter in the following and hit enter: shutdown /r


Make sure there is a space between the shutdown and /r

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hello,

I tried the run first and got "Activex component can't create object: Get Object" Thanks!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hi

Please create a Restore Point yourself, by going to Start > All Programs > Accessories > System Restore

==

Then, try DragonFix and do the Restart command. Don't worry about RunFirst.vbs.

Then, let me know if that fixed it.

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Hey,

Everything seems to be doing great! I will be watching this site very often to try and learn more about computers. You have already taught me a great deal. I just wished I were as good as you guys. Would you have any suggestions as per learning what you guys do? I have found this to be very interesting and would love to learn more. Thanks!!

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

The following links will be helpful to find free malware removal training:

  • Geeks to Go
  • What the Tech
  • Malware Removal
  • SpywareHammer
  • Spyware Info Forum
  • Bleeping Computer
  • Tech Support Forum
