wolfe90

ComboFix 09-10-17.01 - Compaq_Administrator 10/18/2009 14:33.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.630 [GMT -4:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\ryfoweset.bat c:\documents and settings\Compaq_Administrator\Application Data\alot c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\~DFK1f2b89f6.tmp c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\1eaadjc.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\bass.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\kfgresk.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\mjcriu.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\peaadje.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\qwadjb.dll c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\rsaadjd.dll c:\documents and settings\Compaq_Administrator\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat c:\documents and settings\NetworkService\Application Data\alot c:\program files\Common Files\ytahijana.vbs c:\recycler\S-1-5-21-1747318583-4567649160-152461486-7260 c:\recycler\S-1-5-21-2010661713-5919420308-351951909-1890 c:\recycler\S-1-5-21-4394956177-8718818055-102804281-7310 c:\recycler\S-1-5-21-7455710792-1915513333-746371469-6899 c:\recycler\S-1-5-21-9145382785-9885937793-165911786-3011 c:\recycler\S-1-5-21-9319351810-7329929262-910893265-9321 c:\windows\Installer\249e6.msi c:\windows\Installer\2796d17d.msp c:\windows\Installer\2cbd0a64.msp c:\windows\Installer\64d5e.msi c:\windows\Installer\95bfff.msp c:\windows\kb913800.exe c:\windows\qyry.bat c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common c:\windows\system32\disk.dll c:\windows\system32\ps2.bat c:\windows\win32k.sys D:\Autorun.inf Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 ))))))))))))))))))))))))))))))) . 2009-10-18 18:22 . 2009-10-18 18:22 3367094 ----a-w- c:\program files\Combo_F_i_x.exe 2009-10-18 15:49 . 2009-10-08 17:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys 2009-10-18 15:49 . 2009-10-08 17:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys 2009-10-18 15:49 . 2009-10-08 17:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys 2009-10-18 15:10 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-18 15:10 . 2009-10-18 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-18 15:10 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-17 20:53 . 2009-10-17 20:53 -------- d-----w- c:\program files\Trend Micro 2009-10-17 20:52 . 2009-10-17 20:52 -------- d-----w- c:\program files\Tresdfnd Micro 2009-10-17 20:35 . 2009-10-17 20:42 -------- d-----w- c:\program files\goofyjuice 2009-10-17 20:20 . 2009-10-17 20:27 -------- d-----w- c:\program files\Spybot - Sjegjargjch & Djestroy 2009-10-17 19:33 . 2009-10-17 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-10-17 14:23 . 2009-10-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-10-17 14:23 . 2009-10-17 14:23 -------- d-----w- c:\program files\IObit 2009-10-17 13:30 . 2009-10-17 13:40 -------- d-----w- c:\program files\swkiller.mbam1.exe 2009-10-17 03:08 . 2009-10-17 03:08 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-17 01:44 . 2009-10-17 01:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-10-17 01:28 . 2009-10-17 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-17 01:28 . 2009-10-17 13:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-17 00:49 . 2009-10-17 00:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-10-17 00:47 . 2009-10-17 00:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-02 00:10 . 2009-10-02 00:15 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GetRightToGo 2009-09-19 14:21 . 2009-09-19 14:21 -------- d-----w- c:\program files\Common Files\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-18 18:31 . 2009-08-01 01:01 -------- d-----w- c:\program files\Spyware Doctor 2009-10-18 18:17 . 2007-04-03 17:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-18 15:49 . 2009-08-01 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-10-18 15:23 . 2009-02-15 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-17 01:13 . 2008-08-28 04:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skype 2009-10-17 01:08 . 2009-09-14 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\IGN_DLM 2009-10-16 07:04 . 2006-02-22 05:00 -------- d-----w- c:\program files\Microsoft Works 2009-10-15 00:29 . 2006-09-14 00:28 2750 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat 2009-10-12 22:03 . 2008-03-08 17:23 -------- d-----w- c:\program files\World of Warcraft 2009-10-08 02:01 . 2009-08-12 00:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-06 21:51 . 2007-03-03 17:20 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-06 20:31 . 2009-08-01 01:01 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-09-24 12:55 . 2009-08-01 01:01 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-09-23 20:10 . 2009-08-01 01:01 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-09-19 14:21 . 2008-08-28 04:07 -------- d-----w- c:\program files\Skype 2009-09-19 14:21 . 2008-08-28 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-09-16 07:20 . 2009-10-17 01:47 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-15 22:00 . 2006-02-22 04:41 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-15 10:20 . 2009-10-18 15:36 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2009-09-15 06:12 . 2009-10-18 15:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-09-15 05:01 . 2009-10-18 15:36 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-09-14 23:10 . 2009-09-14 23:10 -------- d-----w- c:\program files\Common Files\INCA Shared 2009-09-14 21:20 . 2009-09-14 21:20 -------- d-----w- c:\program files\NCsoft 2009-09-13 17:24 . 2008-08-10 20:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks 2009-09-13 15:58 . 2009-09-13 15:58 -------- d-----w- c:\program files\Microsoft Games 2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 23:16 . 2009-09-04 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd 2009-09-04 23:14 . 2009-09-04 23:11 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-09-04 23:11 . 2009-09-04 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech 2009-09-04 23:11 . 2009-09-04 23:11 -------- d-----w- c:\program files\Logitech 2009-09-04 23:01 . 2009-09-04 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-09-04 21:03 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-03 13:45 . 2009-08-01 01:01 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-09-01 19:47 . 2009-09-01 19:47 -------- d-----w- c:\program files\Teamspeak2_RC2 2009-08-29 23:56 . 2006-12-27 02:05 -------- d-----w- c:\program files\Guild Wars 2009-08-29 16:44 . 2009-08-29 16:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Octoshape 2009-08-28 04:34 . 2009-08-28 04:34 -------- d-----w- c:\program files\Common Files\eSellerate 2009-08-26 17:36 . 2007-03-02 15:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3 2009-08-26 08:00 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll 2009-08-25 16:41 . 2009-08-25 16:40 -------- d-----w- c:\program files\BearShare 2009-08-24 03:45 . 2006-06-21 18:17 -------- d-----w- c:\program files\Yahoo! 2009-08-22 18:19 . 2009-08-22 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2009-08-20 18:14 . 2009-08-20 06:59 -------- d-----w- c:\program files\Poker Indicator 2009-08-17 15:52 . 2009-08-15 07:14 122680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-08-12 19:52 . 2006-02-22 04:49 50472 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-10 11:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-10 11:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-01 13:19 . 2009-08-01 02:33 120 ----a-w- c:\windows\Wtuyiwar.dat 2009-08-01 02:02 . 2009-08-01 02:02 0 ----a-w- c:\windows\system32\cmpwrap.dat 2009-07-25 09:23 . 2008-12-17 11:21 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-18 16:08 . 2009-07-18 16:08 19470 ----a-w- c:\program files\Common Files\ujysopyny.bin 2009-07-18 16:08 . 2009-07-18 16:08 10771 ----a-w- c:\program files\Common Files\kedalanilo.pif . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2005-02-16 81920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968] c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2006-12-25 303104] Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/31/2009 9:01 PM 207280] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/18/2009 11:49 AM 51984] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/18/2009 11:49 AM 59664] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/31/2009 9:01 PM 229304] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/3/2008 10:30 PM 24652] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [7/31/2009 9:01 PM 70408] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/31/2009 9:01 PM 358600] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/18/2009 11:49 AM 33552] S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?] . Contents of the 'Scheduled Tasks' folder 2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57] 2009-10-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: &Search IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: yahoo.com Trusted Zone: trymedia.com . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE HKU-Default-Run-minix32 - c:\windows\system32\minix32.exe SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-2Wire SetupWiz - c:\program files\2Wire\Uninstaller.exe AddRemove-{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1 - c:\windows\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-18 14:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(792) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll - - - - - - - > 'explorer.exe'(2044) c:\windows\system32\WININET.dll c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\arservice.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\wscntfy.exe c:\combofix\CF27527.exe c:\progra~1\Yahoo!\browser\ycommon.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe . ************************************************************************** . Completion time: 2009-10-18 14:48 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-18 18:47 Pre-Run: 148,539,748,352 bytes free Post-Run: 148,698,001,408 bytes free 283 --- E O F --- 2009-10-18 07:01

The system shutdown with the bubble says it has to do with the DCOM server process launcher and is authorized bt NT authority\system. If that has any significance.

I have spent the last few hours browsing the forum and trying to fix my poor computer but nothing has worked. Here's some info you might need: I am running Windows XP and I have McAfee Antivirus and PC Tools Spyware Doctor installed on my computer. It first started as a google redirecting thing where everytime i searched something it brought up the search results but whenever i clicked the link it would go to some other site. I've tried to run a McAfee scan, but the message "Error starting on demand scanner" pops up. The SystemGuard protection disables itself seconds after I fix it. The Spyware Doctor scan comes up with low-risk cookie malware items, but nothing other than that. I've installed Malwarebytes and would start a scan on the inital launch after downloading it would start scanning, but after less than a minute it would close and when I try to restart them I got a message saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.