WiredWX Hobby Weather Tools

 


Can't access any anti-virus or malware removal programmes.

Hi, I can't access my Avast!, or my Malwarebytes. Every time I try it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
Please help as I'm worried I have Malware.
Thanks, Chris.

Re: Can't access any anti-virus or malware removal programmes.
Hi

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Can't access any anti-virus or malware removal programmes.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:49 on 23/09/2009 by C (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [13:46 30/09/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [13:46 30/09/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [13:48 30/09/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [13:48 30/09/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a--- 314880 bytes [13:47 30/09/2008] [07:33 19/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe --a--- 308224 bytes [08:44 02/11/2006] [09:45 02/11/2006] 9F75392B9128A91ABAFB044EA350BAAD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a--- 314880 bytes [13:47 30/09/2008] [07:33 19/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a--- 1291264 bytes [13:47 30/09/2008] [05:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_2a7a18dbe946c84f\comres.dll --a--- 1236992 bytes [07:29 02/11/2006] [08:50 02/11/2006] 4843A1784BA6434DFF80F841DDC592C6
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll --a--- 1291264 bytes [13:47 30/09/2008] [05:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a--- 977408 bytes [13:48 30/09/2008] [07:34 19/01/2008] D4D86075510C02F887528207D8E0D713
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll --a--- 974336 bytes [08:43 02/11/2006] [09:46 02/11/2006] 360191D2A50180C3E0673BAB7F5529E0
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\crypt32.dll --a--- 974336 bytes [11:30 11/12/2007] [11:30 11/12/2007] 3233F31FF7046A5C54A312B6687C5376
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.20523_none_5a007d3af9d85f4c\crypt32.dll --a--- 974336 bytes [11:30 11/12/2007] [11:30 11/12/2007] 6E4B8D43AABE3EC49AA925FD68F0C265
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32.dll --a--- 977408 bytes [13:48 30/09/2008] [07:34 19/01/2008] D4D86075510C02F887528207D8E0D713

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a--- 936960 bytes [13:47 30/09/2008] [07:34 19/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6000.16386_none_cbfb6a9967fc57b1\gpedit.dll --a--- 935936 bytes [08:46 02/11/2006] [09:46 02/11/2006] 1C2761A389791C98E8A11A1539D6BB71
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_ce322c9564e76885\gpedit.dll --a--- 936960 bytes [13:47 30/09/2008] [07:34 19/01/2008] E3DDEB38C6303086F79C6B7E83C372C8

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [08:48 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe --a--- 44544 bytes [08:48 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_a4ff01505f4694a4\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a--- 21504 bytes [13:46 30/09/2008] [07:33 19/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe --a--- 22016 bytes [08:35 02/11/2006] [09:45 02/11/2006] 10DA15933D582D2FEDCF705EFE394B09
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a--- 21504 bytes [13:46 30/09/2008] [07:33 19/01/2008] 3794B461C45882E06856F282EEF025AF

-=End Of File=-
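
Added example, not part of the original posts and not SystemLook's own code: a small Python parser for a `:filefind` log like the one above that lists searched files with no hit at all (as with eventlog.dll here). It goes beyond the thread by also flagging any System32 copy whose MD5 matches none of the winsxs copies, which is an assumption about what deserves a closer look; in the log above every System32 copy matches one. The sample log, its paths and its hashes are constructed.

```python
import re

# Constructed sample in SystemLook ":filefind" layout (made-up names and hashes).
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "alpha.dll"
C:\Windows\System32\alpha.dll --a--- 1000 bytes [13:46 30/09/2008] [07:36 19/01/2008] 00112233445566778899AABBCCDDEEFF
C:\Windows\winsxs\x86_alpha_6.0.6000.16386_none_1\alpha.dll --a--- 990 bytes [08:43 02/11/2006] [09:46 02/11/2006] FFEEDDCCBBAA99887766554433221100
C:\Windows\winsxs\x86_alpha_6.0.6001.18000_none_2\alpha.dll ------ 1000 bytes [13:46 30/09/2008] [07:36 19/01/2008] 00112233445566778899AABBCCDDEEFF

Searching for "beta.dll"
No files found.

Searching for "gamma.exe"
C:\Windows\System32\gamma.exe --a--- 2000 bytes [10:00 01/09/2009] [10:00 01/09/2009] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\x86_gamma_6.0.6001.18000_none_3\gamma.exe --a--- 2048 bytes [13:46 30/09/2008] [07:33 19/01/2008] FEDCBA9876543210FEDCBA9876543210

-=End Of File=-
'''

HEADER = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, 6-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r'^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes '
    r'\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$')

def parse_filefind(text):
    """Return {searched name: [(path, size, md5), ...]}; empty list = no hit."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = results.setdefault(m.group("name"), [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            current.append((m.group("path"), int(m.group("size")),
                            m.group("md5").upper()))
    return results

def triage(results):
    """Return (names with no hit, System32 paths matching no winsxs copy)."""
    missing, mismatched = [], []
    for name, hits in results.items():
        if not hits:
            missing.append(name)
            continue
        store = {md5 for path, _, md5 in hits if "\\winsxs\\" in path.lower()}
        mismatched += [path for path, _, md5 in hits
                       if "\\system32\\" in path.lower() and md5 not in store]
    return missing, mismatched

if __name__ == "__main__":
    print(triage(parse_filefind(SAMPLE_LOG)))
```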

Re: Can't access any anti-virus or malware removal programmes.
Hi

Please download a clean copy of a system file you are missing, called eventlog.dll from HMOSLabs and save it to your Desktop. Do not open the file from its location as it is not possible to do.

Move the file to the following folder using Windows Explorer: C:\Windows\System32

==

!! NOTICE: This instruction is for this user only. If you are a lurker reading this, do not attempt it. !!

Please navigate to C:\Program Files\Malwarebytes' Anti-Malware and attempt to rename it to iexplore.exe
Then, double-click that to launch MBAM. Attempt to run a scan, and post the results in your next reply. If you cannot run the scan, please let me know.

Re: Can't access any anti-virus or malware removal programmes.

Still can't run scan or open Avast!.

Thanks
Chris

Re: Can't access any anti-virus or malware removal programmes.
Hi

Please re-run SystemLook.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    cngaudit.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Can't access any anti-virus or malware removal programmes.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 01:13 on 27/09/2009 by C (Administrator - Elevation successful)

========== filefind ==========

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll ------ 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-

Re: Can't access any anti-virus or malware removal programmes.
Hi

Please download Rooter to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at
    %systemdrive%(usually C:)\Rooter.txt. Post that log in your next reply.

Re: Can't access any anti-virus or malware removal programmes.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 22 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] STOPPED (state:1) : Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18813
.
C:\ [fȋxed-NTFS] .. ( Total:103 Go - Free:57 Go )
D:\ [CD_Rom]
E:\ [fȋxed-NTFS] .. ( Total:1 Go - Free:1 Go )
F:\ [fȋxed-NTFS] .. ( Total:7 Go - Free:6 Go )
.
Scan : 13:39.19
Path : C:\Users\C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J29IH6VE\Rooter[1].exe
User : C ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (400)
______ C:\Windows\system32\csrss.exe (468)
______ C:\Windows\system32\wininit.exe (512)
______ C:\Windows\system32\csrss.exe (520)
______ C:\Windows\system32\services.exe (556)
______ C:\Windows\system32\lsass.exe (572)
______ C:\Windows\system32\lsm.exe (580)
______ C:\Windows\system32\winlogon.exe (608)
______ C:\Windows\system32\svchost.exe (792)
______ C:\Windows\system32\svchost.exe (872)
______ C:\Windows\System32\svchost.exe (904)
______ C:\Windows\System32\svchost.exe (992)
______ C:\Windows\System32\svchost.exe (1060)
______ C:\Windows\system32\svchost.exe (1092)
Locked audiodg.exe (1156)
______ C:\Windows\system32\svchost.exe (1184)
______ C:\Windows\system32\SLsvc.exe (1200)
______ C:\Windows\system32\svchost.exe (1240)
______ C:\Windows\system32\svchost.exe (1368)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1492)
______ C:\Windows\system32\WLANExt.exe (1500)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1512)
______ C:\Windows\System32\spoolsv.exe (1848)
______ C:\Windows\system32\svchost.exe (1924)
______ C:\Windows\system32\taskeng.exe (2040)
______ C:\Windows\system32\Dwm.exe (300)
______ C:\Windows\Explorer.EXE (412)
______ C:\Windows\SMINST\scheduler.exe (1344)
______ C:\Program Files\Windows Defender\MSASCui.exe (1316)
______ C:\Windows\System32\igfxtray.exe (1628)
______ C:\Windows\System32\hkcmd.exe (388)
______ C:\Windows\System32\igfxpers.exe (1744)
______ C:\Program Files\PDF Complete\pdfsty.exe (648)
______ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (456)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (968)
______ C:\Program Files\Hewlett-Packard\HP reƖ Assistant\HPWAMain.exe (672)
______ C:\Program Files\Hewlett-Packard\HP reƖ Assistant\WiFiMsg.exe (576)
______ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (632)
______ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (524)
______ C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (1144)
______ C:\Windows\System32\wpcumi.exe (1468)
______ C:\Program Files\iTunes\iTunesHelper.exe (1996)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1992)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2064)
______ C:\Program Files\Alwil Software\Avast4\ashDisp.exe (2080)
______ C:\Program Files\Windows Sidebar\sidebar.exe (2088)
______ C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (2100)
______ C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe (2120)
______ C:\Windows\system32\AEADISRV.EXE (2280)
______ C:\Windows\system32\agrsmsvc.exe (2336)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2368)
______ C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (2468)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2580)
______ C:\Windows\system32\svchost.exe (2620)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (2652)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2684)
______ C:\Program Files\PDF Complete\pdfsvc.exe (2716)
______ C:\Windows\system32\svchost.exe (2752)
______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (2828)
______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2856)
______ C:\Windows\system32\svchost.exe (2964)
______ C:\Windows\system32\igfxsrvc.exe (3020)
______ C:\Windows\System32\svchost.exe (3028)
______ C:\Windows\system32\SearchIndexer.exe (3112)
______ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (3212)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (3452)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (3532)
______ C:\Windows\system32\wbem\wmiprvse.exe (3660)
______ C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (2052)
______ C:\Program Files\Internet Explorer\iexplore.exe (3388)
______ C:\Program Files\Internet Explorer\iexplore.exe (2004)
______ C:\Windows\system32\taskeng.exe (856)
______ C:\Program Files\iPod\bin\iPodService.exe (2612)
______ C:\Windows\system32\SearchProtocolHost.exe (2244)
______ C:\Windows\system32\SearchFilterHost.exe (2424)
______ c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (3068)
______ C:\Program Files\Internet Explorer\iexplore.exe (4256)
______ C:\Users\C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J29IH6VE\Rooter[1].exe (4512)
______ C:\Windows\system32\wbem\wmiprvse.exe (4656)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:110748467712)
\Device\Harddisk0\Partition2 (Start_Offset:110748499968 | Length:7613710336)
\Device\Harddisk0\Partition3 (Start_Offset:118366404608 | Length:1666187264)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{E079D95C-FF6F-4477-9726-893C4C06FF9C}.job
C:\Windows\Tasks\User_Feed_Synchronization-{F61B6C03-8E54-46B3-8CBD-E150CD61A200}.job
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:39.25
.
C:\Rooter$\Rooter_1.txt - (27/09/2009 | 13:39.25)

Re: Can't access any anti-virus or malware removal programmes.
Hi

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
