GeekPolice
"You may not have the appropriate permission to access the item."
Can't run any type of anti-spyware, malware, adware, etc... Can't modify any program or system files either. Here's my SystemLook scan; I'm running XP Pro.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:23 on 20/09/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [12:00 12/08/2004] [12:00 12/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 12/08/2004] [12:00 12/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [12:00 12/08/2004] [12:00 12/08/2004] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

Re: "You may not have the appropriate permission to access the item."
Hello.
The log shows me the problem, but it hasn't found a clean copy of the file we need. Do you have your XP disc?

Re: "You may not have the appropriate permission to access the item."
I can make one quick enough. Is it worth fussing with? I can just as well reinstall XP without losing anything valuable.

Re: "You may not have the appropriate permission to access the item."
Hello.
eventlog.dll <-- this is the problem file, but it's a patched system file; we need a clean copy to replace it after we delete it. Sadly, SystemLook didn't find a clean copy hanging around your machine.

We can try and use your XP disc to get a copy, but formatting is your choice.
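The triage the helper is doing by eye above, written out as an added example that is not part of this thread, of SystemLook, or of any tool used here: a Python script that parses the filefind section of the SystemLook log from the first post and flags a file the tool saw but could not hash (the eventlog.dll case), a name with no copy anywhere on the machine (cngaudit.dll), and a copy whose MD5 matches or differs from an expected value. The expected hashes are simply the ones this same log reports for scecli.dll and netlogon.dll, reused to show the comparison path; they are not an authoritative list of clean hashes, and the function names are my own.

```python
"""Triage of a SystemLook "filefind" section (added example, not thread code).

The sample log is copied from the thread's first post. EXPECTED_MD5 reuses the
hashes that same log reports, only to demonstrate the comparison; it is not an
authoritative clean-hash list.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = """\
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:23 on 20/09/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\\WINDOWS\\system32\\scecli.dll --a--- 180224 bytes [12:00 12/08/2004] [12:00 12/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\\WINDOWS\\system32\\netlogon.dll --a--- 407040 bytes [12:00 12/08/2004] [12:00 12/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\\WINDOWS\\system32\\eventlog.dll --a--- 61952 bytes [12:00 12/08/2004] [12:00 12/08/2004] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-
"""

# Hashes taken from the log above; demonstration values, not a reference list.
EXPECTED_MD5: Dict[str, str] = {
    "scecli.dll": "0F78E27F563F2AAF74B91A49E2ABF19A",
    "netlogon.dll": "96353FCECBA774BB8DA74A1C6507015A",
}

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, six attribute flags, size, two bracketed timestamps, then the MD5 column
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>.+)$"
)
MD5_RE = re.compile(r"[0-9A-Fa-f]{32}")


@dataclass
class FileHit:
    query: str          # file name SystemLook was asked to find
    path: str           # where a copy was found
    size: int
    md5: Optional[str]  # None when the log says "(Unable to calculate MD5)"


def parse_filefind(text: str) -> Tuple[List[FileHit], List[str]]:
    """Return (hits, not_found) for the filefind section of a SystemLook log."""
    hits: List[FileHit] = []
    not_found: List[str] = []
    current: Optional[str] = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==========") and "filefind" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line == "-=End Of File=-":
            break
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name")
            continue
        if current is None:
            continue
        if line == "No files found.":
            not_found.append(current)
            continue
        m = HIT_RE.match(line)
        if m:
            md5_col = m.group("md5").strip()
            md5 = md5_col.upper() if MD5_RE.fullmatch(md5_col) else None
            hits.append(FileHit(current, m.group("path"), int(m.group("size")), md5))
    return hits, not_found


def triage(text: str, expected: Dict[str, str]) -> List[Tuple[str, str]]:
    """Label each result the way a helper reads the log:
    md5-unavailable = file present but unreadable (the eventlog.dll sign),
    md5-ok = copy matching the expected hash (usable replacement),
    md5-mismatch = copy differing from the expected hash,
    not-found = no copy anywhere on the system."""
    findings: List[Tuple[str, str]] = []
    hits, not_found = parse_filefind(text)
    for h in hits:
        want = expected.get(h.query.lower())
        if h.md5 is None:
            findings.append((h.path, "md5-unavailable"))
        elif want is not None:
            findings.append((h.path, "md5-ok" if h.md5 == want.upper() else "md5-mismatch"))
    findings.extend((name, "not-found") for name in not_found)
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG, EXPECTED_MD5):
        print(f"{reason:16} {item}")
```

Run on the log above it reports scecli.dll and netlogon.dll as md5-ok, eventlog.dll as md5-unavailable and cngaudit.dll as not-found, which is exactly why the helper concluded there was no clean copy of eventlog.dll on the machine: the only copy found is the one that cannot be read.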

Re: "You may not have the appropriate permission to access the item."
I made up a backup disc. What's my next step?

Re: "You may not have the appropriate permission to access the item."
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\eventlog.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: "You may not have the appropriate permission to access the item."
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: "You may not have the appropriate permission to access the item."
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: "You may not have the appropriate permission to access the item."
Malwarebytes' Anti-Malware 1.41
Database version: 2845
Windows 5.1.2600 Service Pack 2

9/22/2009 9:23:32 PM
mbam-log-2009-09-22 (21-23-32).txt

Scan type: Quick Scan
Objects scanned: 113471
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\Documents and Settings\Customer\Local Settings\Temp\a.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Generic.Bot.H) -> Delete on reboot.
C:\Documents and Settings\Customer\Local Settings\Temp\a.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: "You may not have the appropriate permission to access the item."

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: "You may not have the appropriate permission to access the item."
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ryan at 14:29:28.17 on Wed 09/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.571 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
C:\Program Files\SeekService\seekservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Customer\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = hi2u
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: UIHost=XPize_Logon.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\customer\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185735078281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185735057500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\customer\applic~1\mozilla\firefox\profiles\ombigqeq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\customer\application data\mozilla\firefox\profiles\ombigqeq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\customer\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: browser.blink_allowed - false

============= SERVICES / DRIVERS ===============

R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-9-22 21904]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-9-22 933720]
R2 SeekService Service;SeekService Service;c:\documents and settings\all users\application data\seekservice\seekservice129.exe [2009-9-23 54784]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-9-22 28560]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-22 206256]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-4-30 40832]
S4 Ssbsdedcdsto;Ssbsdedcdsto;c:\windows\system32\msg.exe [2007-2-7 20992]

=============== Created Last 30 ================

2009-09-22 21:33 --d----- c:\docume~1\customer\applic~1\PC Tools
2009-09-22 21:29 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-22 21:29 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-22 21:29 28,560 a------- c:\windows\system32\drivers\AVHook.sys
2009-09-22 21:29 21,904 a------- c:\windows\system32\drivers\AVRec.sys
2009-09-22 21:29 21,904 a------- c:\windows\system32\drivers\AVFilter.sys
2009-09-22 21:29 --d----- c:\program files\PC Tools AntiVirus
2009-09-22 21:29 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-22 19:43 --d----- c:\docume~1\customer\applic~1\Malwarebytes
2009-09-22 19:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 19:43 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-22 19:43 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 21:20 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-20 21:18 --d----- C:\Rooter$
2009-09-20 19:47 --d----- c:\program files\common files\PC Tools
2009-09-20 19:27 --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-09-20 17:25 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-20 16:55 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-20 16:52 --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-20 16:52 --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-20 16:52 --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-20 16:52 --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-20 16:52 --d----- c:\program files\Trend Micro
2009-09-16 15:19 --d----- c:\windows\Logs
2009-09-13 22:11 --dsh--- c:\documents and settings\customer\IECompatCache
2009-09-13 22:11 --d----- C:\Edu
2009-09-13 22:11 --d----- C:\Communities
2009-09-13 22:11 --d----- C:\Investing
2009-09-13 22:11 --d----- C:\GW
2009-09-13 22:11 --d----- C:\Geek
2009-09-13 22:11 --d----- C:\Gaming
2009-09-13 22:11 --d----- C:\Kewl
2009-09-13 22:11 --d----- C:\Stuff
2009-09-13 22:11 --d----- C:\Psychology
2009-09-13 22:11 --d----- C:\P&E
2009-09-13 22:10 --dsh--- c:\documents and settings\customer\PrivacIE
2009-09-13 22:08 --dsh--- c:\documents and settings\customer\IETldCache
2009-09-13 22:05 -cd-h--- c:\windows\ie8
2009-09-09 11:50 126 a------- c:\windows\system32\oeminfo.ini
2009-09-03 23:14 --d----- c:\program files\uTorrent
2009-09-03 23:13 --d----- c:\docume~1\customer\applic~1\uTorrent
2009-09-01 18:13 --d----- c:\docume~1\customer\applic~1\SPORE
2009-08-28 14:02 --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-08-28 13:57 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-08-28 13:57 970,752 a----r-- c:\windows\system32\hpotiop6.dll
2009-08-28 13:57 729,088 a----r-- c:\windows\system32\hpowiax8.dll
2009-08-28 13:57 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-08-28 13:57 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-08-28 13:57 303,104 a----r-- c:\windows\system32\hpovst14.dll
2009-08-28 13:52 --d----- c:\program files\common files\HP
2009-08-28 13:50 157,534 a------- c:\windows\hpoins29.dat
2009-08-28 13:50 986 a------- c:\windows\hpomdl29.dat
2009-08-25 10:40 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-25 10:34 --d--r-- c:\program files\Skype

==================== Find3M ====================

2007-04-30 23:04 92,064 a------- c:\documents and settings\customer\mqdmmdm.sys
2007-04-30 23:04 79,328 a------- c:\documents and settings\customer\mqdmserd.sys
2007-04-30 23:04 66,656 a------- c:\documents and settings\customer\mqdmbus.sys
2007-04-30 23:04 25,600 a------- c:\documents and settings\customer\usbsermptxp.sys
2007-04-30 23:04 22,768 a------- c:\documents and settings\customer\usbsermpt.sys
2007-04-30 23:04 9,232 a------- c:\documents and settings\customer\mqdmmdfl.sys
2007-04-30 23:04 6,208 a------- c:\documents and settings\customer\mqdmcmnt.sys
2007-04-30 23:04 5,936 a------- c:\documents and settings\customer\mqdmwhnt.sys
2007-04-30 23:04 4,048 a------- c:\documents and settings\customer\mqdmcr.sys

============= FINISH: 14:30:25.98 ===============

Re: "You may not have the appropriate permission to access the item."
Hello.
Can you post the other log [attach.txt?]; there are a few things that need to go.

Re: "You may not have the appropriate permission to access the item."
I'm not sure if you wanted me to attach it as a file or not. I tried to, but couldn't find how to attach files to my post. Here it is, though.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2007 12:02:22 PM
System Uptime: 9/22/2009 9:22:05 PM (17 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
Processor: AMD Athlon(tm) XP 2400+ | CPU 1 | 1996/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 9.944 GiB free.
G: is FIXED (NTFS) - 117 GiB total, 46.849 GiB free.
H: is FIXED (NTFS) - 32 GiB total, 31.795 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_GDR8161B_______________0045____\4&6840D9A&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD-ROM GDR8161B
PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_GDR8161B_______________0045____\4&6840D9A&0&1.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_NR-7900A___________________________1.08____\4&6840D9A&0&1.1.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC NR-7900A
PNP Device ID: IDE\CDROM_NEC_NR-7900A___________________________1.08____\4&6840D9A&0&1.1.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_SCSIVAX&PROD_DVD/CD-ROM&REV_2.7A\2&82095AC&0&000
Manufacturer: (Standard CD-ROM drives)
Name: SCSIVAX DVD/CD-ROM SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_SCSIVAX&PROD_DVD/CD-ROM&REV_2.7A\2&82095AC&0&000
Service: cdrom

==== System Restore Points ===================

RP52: 7/20/2009 9:45:10 PM - System Checkpoint
RP53: 7/22/2009 10:03:27 AM - System Checkpoint
RP54: 7/23/2009 12:11:00 PM - System Checkpoint
RP55: 7/25/2009 7:25:21 AM - System Checkpoint
RP56: 7/26/2009 10:05:57 AM - System Checkpoint
RP57: 7/27/2009 11:57:18 AM - System Checkpoint
RP58: 7/28/2009 5:15:04 PM - System Checkpoint
RP59: 7/31/2009 8:54:22 AM - System Checkpoint
RP60: 8/1/2009 3:09:44 PM - System Checkpoint
RP61: 8/4/2009 10:58:12 AM - System Checkpoint
RP62: 8/5/2009 11:24:15 AM - System Checkpoint
RP63: 8/6/2009 12:28:20 PM - System Checkpoint
RP64: 8/7/2009 12:30:53 PM - System Checkpoint
RP65: 8/8/2009 12:48:28 PM - System Checkpoint
RP66: 8/9/2009 1:45:07 PM - System Checkpoint
RP67: 8/11/2009 1:03:39 AM - System Checkpoint
RP68: 8/12/2009 8:00:22 AM - System Checkpoint
RP69: 8/13/2009 12:33:30 PM - System Checkpoint
RP70: 8/13/2009 4:42:04 PM - Removed Power Tab Editor 1.7
RP71: 8/14/2009 4:55:45 PM - System Checkpoint
RP72: 8/15/2009 5:12:53 PM - System Checkpoint
RP73: 8/17/2009 1:31:54 PM - System Checkpoint
RP74: 8/18/2009 5:12:44 PM - System Checkpoint
RP75: 8/20/2009 5:12:51 PM - System Checkpoint
RP76: 8/22/2009 4:07:07 PM - System Checkpoint
RP77: 8/25/2009 3:58:12 AM - System Checkpoint
RP78: 8/26/2009 10:44:21 AM - System Checkpoint
RP79: 8/28/2009 12:15:55 AM - System Checkpoint
RP80: 8/29/2009 12:56:53 AM - System Checkpoint
RP81: 8/30/2009 1:23:36 AM - System Checkpoint
RP82: 8/31/2009 1:41:26 AM - System Checkpoint
RP83: 9/1/2009 5:47:55 PM - Removed SPORE™️
RP84: 9/1/2009 5:52:14 PM - Removed SmartFTP Client
RP85: 9/1/2009 6:07:49 PM - Installed SPORE™️
RP86: 9/2/2009 6:50:46 PM - System Checkpoint
RP87: 9/3/2009 7:31:07 PM - System Checkpoint
RP88: 9/4/2009 8:25:40 PM - System Checkpoint
RP89: 9/5/2009 8:41:45 PM - System Checkpoint
RP90: 9/6/2009 10:07:09 PM - System Checkpoint
RP91: 9/7/2009 10:49:35 PM - System Checkpoint
RP92: 9/9/2009 1:00:32 AM - System Checkpoint
RP93: 9/10/2009 1:46:18 AM - System Checkpoint
RP94: 9/11/2009 1:53:55 AM - System Checkpoint
RP95: 9/12/2009 2:34:09 AM - System Checkpoint
RP96: 9/13/2009 3:32:02 AM - System Checkpoint
RP97: 9/13/2009 10:06:05 PM - Installed Windows Internet Explorer 8.
RP98: 9/14/2009 10:23:55 PM - System Checkpoint
RP99: 9/15/2009 10:41:27 PM - System Checkpoint
RP100: 9/16/2009 6:08:38 AM - Installed WinZip 12.1
RP101: 9/16/2009 3:10:31 PM - Installed Call of Duty(R) - World at War(TM)
RP102: 9/16/2009 3:28:45 PM - Removed Call of Duty(R) - World at War(TM)
RP103: 9/17/2009 7:28:34 PM - System Checkpoint
RP104: 9/18/2009 8:17:49 PM - System Checkpoint
RP105: 9/19/2009 1:34:58 AM - Removed iTunes
RP106: 9/20/2009 7:11:52 AM - System Checkpoint
RP107: 9/21/2009 7:30:11 AM - System Checkpoint
RP108: 9/22/2009 7:49:40 AM - System Checkpoint

==== Installed Programs ======================


µTorrent
32 Bit HP CIO Components Installer
Ace DivX Player
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AutoIt v3.2.2.0
Bonjour
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
CDBurnerXP Pro 3
Copy
Counter-Strike
CPL All-in-One
CustomerResearchQFolder
D-Link AirPlus G Wireless LAN Adapter
Day of Defeat
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DGOControls
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
e-Sword
eSupportQFolder
Finale 2009
Finale NotePad 2008
FLAC Installer 1.1.3b (remove only)
Free MP3 Sound Recorder v1.9
Garritan Instruments for Finale 2009
Google Chrome
Google Earth
Google Gears
GPBaseService
Hotfix for Windows Media Format 11 SDK (KB929399)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.14)
NotePad++ 3.6
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OpenOffice.org 2.4
PanoStandAlone
PartyPoker
PC Tools AntiVirus 6.1
Power Tab Librarian
PowerISO
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QFolder
QuickTime
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SeekService 1.0 build 129
Sibelius Scorch Plugin
Skype™️ 4.1
SmartWebPrintingOC
Software Update for Web Folders
SolutionCenter
SPORE™️
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Status
Steam
TaskSwitchXP
Team Fortress Classic
Toolbox
TortoiseSVN 1.4.5.10425 (32 bit)
TrayApp
TuneUp Utilities 2008
UnloadSupport
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Ventrilo Client
VideoToolkit01
Viewpoint Media Player
VLC media player 0.9.4
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
WinRAR archiver
WinZip 12.1
XML Paper Specification Shared Components Pack 1.0
XPize 4.6 BETA 2
Xvid 1.1.3 final uninstall

==== End Of File ===========================

Re: "You may not have the appropriate permission to access the item."
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Viewpoint Media Player

How is the machine running now?

Re: "You may not have the appropriate permission to access the item."
Sometimes the computer doesn't boot now. It gets stuck at the screen before the Windows XP family log on screen shows up. It boots just fine into safe mode every time, but maybe 1 out of 3 times in normal mode.

But once I'm up and running, everything seems to work just fine with one exception: I can't install Spybot. To be fair, I think it's because I haven't been able to completely delete the old corrupted version that the malware got a hold of.

Re: "You may not have the appropriate permission to access the item."
Hello.
Yes, as you noticed, the malware has the ability to temporarily lock files like Spybot and that completely stops them from working.
We can unlock them using tools, but the method of uninstalling, then re-installing also works.

Re: "You may not have the appropriate permission to access the item."
I tried the uninstall / reinstall method and it gave me problems on the reinstall. It's okay though, with a quick Google search I figured out how to get rid of the culprit files so I'm all set in that area now.

As for the booting issue I'm not sure what's causing it to act so funky. I might try a repair install of XP to see if that fixes the problem. Other than that the computer is running fantastic. You guys are awesome! Thank you very much! Thank You!
