5 Hours of Complete Pain XP Security 2011

Okay, all worked until it tried running imgburn.exe; then it said "open with".

BUT!!!
RogueKiller ran once I unchecked the check mark stating "do not let file change system".

Here is the log:

RogueKiller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan – Date : 04/06/2011 16:34:59

Bad processes: 0

Registry Entries: 5
[FILEASSO] HKCU[…]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %) → FOUND
[FILEASSO] HKCU[…]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %) → FOUND
[FILEASSO] HKCR[…]exefile\shell\open\command : ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %) → FOUND
[FILEASSO] HKCR[…].exe\shell\open\command : ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %) → FOUND
[FILEASSO] HKLM[…]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") → FOUND

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

You should now be able to run OTS.

I need to see what updates Tigzy has done.

Oops, did you run RogueKiller with option 2?

Delete option? No, do I just re-run it with the delete option?

Here also, this is what it's reading even when running as administrator.

Run it with option 2. If that fails I will create a batch file.

With option 2 it fails. OTL, though, is now running; log will follow.

Progress ;D

I am only halfway through the batch file at the moment - maybe I won't need it.

Here's the log, only one showed up.

I should have mentioned earlier, but the desktop is not accessible as a download location, and all files currently on the desktop will not work.

OK, let's give this a shot.

Start OTS. Copy/paste the information in the quote box below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\Owner\Local Settings\Application Data\3lhqy33xpt11p
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p
[Files - No Company Name]
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\Owner\Local Settings\Application Data\3lhqy33xpt11p
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p
NY ->  0908201015103842.bat -> C:\Program Files\0908201015103842.bat
NY ->  0907201015510757.bat -> C:\Program Files\0907201015510757.bat
[File - Lop Check]
NY ->  mJhLkDf01805 -> C:\Documents and Settings\All Users\Application Data\mJhLkDf01805
[Custom Items]
:Reg
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files\Internet Explorer\iexplore.exe"
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\exefile]
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of the actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Here is the log after reboot.

EDIT: Sorry for it being such a quick post, I had stuff I was doing around the house and stuff as well.
But I'm free and ready to continue now.

I now have control over desktop icons and all my exe files!!
Running Malwarebytes right now, will post the log.

Okay, here is an MBAM scan log and an aswMBR scan, hope it helps!!

ComboFix log, and full MBAM scan. Noticeable infection still present, judging by the system's performance: much more sluggish and less responsive. Avast does not load up with Windows, but has fully updated; Windows Firewall was successfully launched and is now running; Windows Update will not start though. Tried going to Control Panel and the settings are set to on, but the red X is still in the system notification area.

PS: Thanks so far to essexboy and pondus, both of you have saved this system's life!!!

OK, the desktop seems to still be hijacked… I went to open and re-run ComboFix and Avast popped up a dozen times with different items being attacked; here's one of the many that came up.

OK, that is to be expected, as ComboFix does a lot of the same sort of actions as a virus/malware.

So what you were seeing was a reaction to some elements of ComboFix loading/running.

It appears that ComboFix does not like the Alot toolbar ;D

Could you let me know what problems remain please - ignoring the ComboFix notifications from Avast?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop.

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Avast does not load with Windows; the icon is not in the notification area either. However, when I click to load the program it acts as if it was already on; Task Manager shows an Avast process, but only avastsvc.exe… Also, Windows Update will not configure or turn on, so I have a security risk in the notification area (XP Security, real).
Tried going into Control Panel to toggle updates on, and it let me select and apply "on" to updates, but the X remained there stating they were off. Tried going to the Windows Update site to update or turn them on from there, but was unsuccessful in updating and turning them on.

Those are still my problems, and here's my Task Manager as soon as the system turns on.

OK, first could you do a repair to Avast - I will have a fix for Windows Update tomorrow.

OK, Windows Update repair

Go to this page.
Run the Fix it there (big button about one third of the way down) - if the normal run does not cure it, then re-run and use the aggressive mode.

Hey, thanks for the Windows Update fix. Unfortunately Avast!, even after being reinstalled, will not load with Windows. I will attempt the Windows Update fix and hopefully that will cure this problem, but as it stands it's still not loading.