Thread: Spybot and HJT won't run

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    25

    Spybot and HJT won't run

    I think I have a malware problem and it isn't letting me run Spybot. Something has changed the file names in the folder with what looks like (HGFDFTDYDFGYTDT) that! I have been through renaming the .scr and .exe files, and it then will allow Spybot to open and let me do anything, except when you go to check for problems it just closes Spybot, and when you go to reopen Spybot it comes up with a Windows box that says either the file is write-protected or the user does not have permission to access this file.
    I then downloaded HJT and installed it all right. I did a scan and save, and it got halfway through it and the program shut down, and now when you go to reopen it, it comes up with the same box as with Spybot. What can I do now, please?

  2. #2
    Junior Member
    Join Date
    Nov 2009
    Posts
    25

    I was able to get a win32kdiag log, well, part of it anyway. I will post it up here; hopefully it may help.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As, name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
    @ECHO OFF
    DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
    START Log.txt
    DEL %0

    Double-click on the fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Junior Member
    Join Date
    Nov 2009
    Posts
    25

    This is the log file you requested, thank you for helping

    Volume in drive C has no label.
    Volume Serial Number is B8E0-0EAF

    Directory of C:\WINDOWS\$NtServicePackUninstall$

    28/02/2006 11:00 PM 180,224 scecli.dll

    Directory of C:\WINDOWS\$NtServicePackUninstall$

    28/02/2006 11:00 PM 407,040 netlogon.dll

    Directory of C:\WINDOWS\$NtServicePackUninstall$

    28/02/2006 11:00 PM 55,808 eventlog.dll
    3 File(s) 643,072 bytes

    Directory of C:\WINDOWS\ServicePackFiles\i386

    14/04/2008 11:12 AM 181,248 scecli.dll

    Directory of C:\WINDOWS\ServicePackFiles\i386

    14/04/2008 11:12 AM 407,040 netlogon.dll

    Directory of C:\WINDOWS\ServicePackFiles\i386

    14/04/2008 11:11 AM 56,320 eventlog.dll
    3 File(s) 644,608 bytes

    Directory of C:\WINDOWS\system32

    14/04/2008 11:12 AM 181,248 scecli.dll

    Directory of C:\WINDOWS\system32

    14/04/2008 11:12 AM 407,040 netlogon.dll

    Directory of C:\WINDOWS\system32

    14/04/2008 11:11 AM 61,952 eventlog.dll
    3 File(s) 650,240 bytes

    Total Files Listed:
    9 File(s) 1,937,920 bytes
    0 Dir(s) 12,910,960,640 bytes free

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again

    • Download The Avenger by Swandog46 from here.
    • Unzip/extract it to a folder on your desktop.
    • Double click on avenger.exe to run The Avenger.
    • Click OK.
    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    • Copy all of the text in the textbox below to the clipboard by highlighting it and then pressing Ctrl+C.
      Code:
      Files to move:
      C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\system32\eventlog.dll
    • In the Avenger window, click the Paste Script from Clipboard button.
    • Click the Execute button.
    • You will be asked Are you sure you want to execute the current script?.
    • Click Yes.
    • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    • Click Yes.
    • Your PC will now be rebooted.
    • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
    • Please post this log in your next reply.

  6. #6
    Junior Member
    Join Date
    Nov 2009
    Posts
    25

    Here is the log

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
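
In the listing posted in #4, eventlog.dll is 61,952 bytes in system32 but 56,320 bytes in ServicePackFiles\i386, and that is the file the Avenger script in #5 replaces. The following is an added example, not part of the thread: it parses `DIR /a/s` output of that shape and reports files whose system32 copy differs in size from, or is missing relative to, the reference copy. The function names and the choice of ServicePackFiles\i386 as the reference directory are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Abbreviated copy of the DIR /a/s listing posted in the thread.
LISTING = r"""
Directory of C:\WINDOWS\$NtServicePackUninstall$
28/02/2006 11:00 PM 55,808 eventlog.dll
Directory of C:\WINDOWS\ServicePackFiles\i386
14/04/2008 11:12 AM 181,248 scecli.dll
14/04/2008 11:12 AM 407,040 netlogon.dll
14/04/2008 11:11 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes
Directory of C:\WINDOWS\system32
14/04/2008 11:12 AM 181,248 scecli.dll
14/04/2008 11:12 AM 407,040 netlogon.dll
14/04/2008 11:11 AM 61,952 eventlog.dll
3 File(s) 650,240 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of\s+(.+?)\s*$", re.I)
# date, time, optional AM/PM, size with thousands separators, file name
FILE_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2}\s+(?:[AP]M\s+)?([\d,]+)\s+(\S.*?)\s*$")

def parse_dir_listing(text):
    """Return {file name: {directory: size in bytes}}, all keys lower-cased."""
    sizes = defaultdict(dict)
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1).lower().rstrip("\\")
            continue
        m = FILE_RE.match(line)  # "<DIR>" rows and "N File(s)" totals do not match
        if m and current:
            sizes[m.group(2).lower()][current] = int(m.group(1).replace(",", ""))
    return sizes

def size_mismatches(text, live=r"c:\windows\system32",
                    ref=r"c:\windows\servicepackfiles\i386"):
    """List (name, live_size_or_None, ref_size) where the live copy differs or is absent."""
    out = []
    for name, by_dir in sorted(parse_dir_listing(text).items()):
        if ref in by_dir and by_dir.get(live) != by_dir[ref]:
            out.append((name, by_dir.get(live), by_dir[ref]))
    return out

if __name__ == "__main__":
    for name, live_size, ref_size in size_mismatches(LISTING):
        print(f"{name}: system32={live_size} reference={ref_size}")
```

A size difference is a triage lead rather than a verdict: a later hotfix can legitimately update the system32 copy without touching ServicePackFiles, so confirm with a hash or signature check before replacing anything.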
