stuck with annoying problem

I have Win XP SP3 and never had any kind of problem. I had Norton 360 (purchased software) in the past and now NIS 2009. Then one day, while trying to look up a song, and all of a sudden the next day when I started the computer, I started getting a message from the beginning of startup, for every application that got loaded, saying: "___.exe - Bad Image" with a red X mark, stating "The application or DLL c:\WINDOWS\system32\yoguyutu.dll is not a valid Windows image. Please check this against your installation diskette". After this problem got in, my Task Manager stopped working, which 2 days ago I got back to working using a Task Manager fix, but I am still not able to find a fix for the disabled System Restore. It comes back with an error message saying "cannot do system restore no changes have been made to your computer". It kind of worked once when I created a new restore point, but when I tried to undo that new restore point it did not work, and now it seems like I cannot go back to select any past dates either. I did many scans with Norton and Spy Doctor but no luck, so finally I am here for help, so please help with this annoying problem. Thanks for your team's time and this great site; hope to get a fix.

Re: stuck with annoying problem

Welcome to GP

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: stuck with annoying problem

Thank you so much for the help. The good news is that the annoying message has stopped, so it feels much better to work on the computer, spending more time on real work rather than pressing OK every time for that message. I don't know if I should call it bad news or no news, but after completing stage 33-34 I guess ComboFix restarted my computer, and I forgot what it started to do, but then all of a sudden my computer went into safe mode and shut off. So I restarted the computer and ran ComboFix again, then again the computer shut off, and a second time I ran it again. So let me know if that's normal or if I should redo it all over again. Also, just to let you know, after I downloaded ComboFix per your instructions I tried to run it through the Run command but it gave me a bad name error, so I started it straight from where I saved it to, and I guess it worked OK and just kept going as you described.
Here is the copy and paste of the log. I got 2 different folders, so here it is from both of them:
1st
ComboFix 09-10-28.08 - Amit 10/29/2009 20:28:38.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1043 [GMT -5:00]
Running from: C:\Documents and Settings\Amit\My Documents\commyFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
2nd
ComboFix 09-10-28.08 - Amit 10/29/2009 21:01:27.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1576 [GMT -5:00]
Running from: C:\Documents and Settings\Amit\My Documents\commyFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
I don't know whether I'm doing it wrong or something is wrong, but your instruction to do Start > Run is not working, so I don't know how else I can give you the list of programs. Even the ComboFix txt is something I had to go into the folder and copy and paste.

Re: stuck with annoying problem

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: stuck with annoying problem

Hello, Sat morning, trying to follow your instructions and again not able to do as you are telling me to. In safe mode I'm not getting any setup menu; all I get is run Win in recovery mode and run Win in normal ep hm edition, so after 2 attempts running Kaspersky in normal mode I don't know how good that will be or helpful. Let me know what to do.

Re: stuck with annoying problem

Go ahead and run it regularly, without modifying any options. What happens?

Re: stuck with annoying problem

Did the run. It took almost a day to finish, and the result is it found 5 things and deleted them, so here is the report:
deleted: Trojan program Exploit.Java.ByteVerify File: C:\Documents and Settings\Amit\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-4ab4e132
deleted: Trojan program Exploit.Java.ByteVerify File: C:\Documents and Settings\Amit\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-24f54402
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0008652.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0008652.exe//WiseSFXDropper
So I guess it is all taken care of, and I'm hoping it is OK from you to turn this Kaspersky off.

Re: stuck with annoying problem

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: stuck with annoying problem

Just a question out of curiosity. I know you know things better than me, but why are we doing so many different scans? I have Spy Doctor; wouldn't that be the same as Malwarebytes?

Re: stuck with annoying problem

Not at all. Malwarebytes can find things that Spyware Doctor cannot necessarily find.

ComboFix is a very powerful removal tool, and so is Kaspersky AVP.

Re: stuck with annoying problem

Thanks for the I will do it and let you know the results

Re: stuck with annoying problem

Ok. Post when ready.

Re: stuck with annoying problem

Sorry for such a late reply, got busy doing 2 jobs...... and so here is the scan report of Malwarebytes as you asked for:
Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 5.1.2600 Service Pack 3

11/5/2009 9:26:48 PM
mbam-log-2009-11-05 (21-26-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 230772
Time elapsed: 2 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Amit\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC3B.tmp (Adware.Mirar) -> Quarantined and deleted successfully.
C:\I386\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log\2007 Jul 25 - 09_13_27 PM_828.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log\2007 Jul 25 - 09_13_40 PM_015.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\launch.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\page.html (Malware.Trace) -> Quarantined and deleted successfully.
Let me know what's next. I can't believe I still had 22 stinkers inside my computer, so I have to go through more different scans, let me know.
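
An added example, not part of the original thread: a small parser for the Malwarebytes log layout posted above that tallies detections by family, checks each section's listed items against the log's own summary counts, and flags entries that sit in System Restore snapshots or were not deleted. The sample log, its paths and family names, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, shortened sample in the same layout as the log above (not the poster's data).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleRogue (Rogue.Example) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Notify (Disabled.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Example (x86)\bar.dll (Adware.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0000}\RP1\A0000001.exe (Adware.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.sys (Rootkit.Example) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Lazy path: the family is the first "(...)" directly followed by " -> ", so "(x86)" in a
# path and the "Bad: (1) Good: (0)" detail of registry data items are not mistaken for it.
ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def review(text):
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        "total": len(items),
        "by_family": Counter(i["family"] for i in items),
        # Sections whose item list disagrees with the summary: a truncated or edited paste.
        "mismatched": sorted(s for s, n in declared.items() if listed[s] != n),
        # Copies inside System Restore snapshots are inactive but return if that point is restored.
        "in_restore_points": [i["path"] for i in items if "\\_restore{" in i["path"]],
        # Anything not reported as deleted still needs follow-up.
        "not_deleted": [i["path"] for i in items if "deleted successfully" not in i["action"]],
    }
```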

Re: stuck with annoying problem

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: stuck with annoying problem

Sorry, again got caught up with work, but here is the new scan:
Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3

11/11/2009 4:51:15 AM
mbam-log-2009-11-11 (04-51-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205307
Time elapsed: 2 hour(s), 33 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\commyFix\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\commyFix11601c\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0007465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0012818.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
