[Albedo]

A little while ago I had thought to cleared up my computer of malware infection but now whenever I attempt to ascess Add/Remove Programs or any system tool such as that I get the:

"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

I can't find any way of fixing it so any help would be great.

[evilfantasy]

The computer is infected. Run the steps in This Post and add the logs in the next post.

Make sure to add a new HijackThis log after the other scans are complete.

[Albedo]

Accomplished the steps I was able to access, here are the logs.

[evilfantasy]

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

• Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
• When finished, it will produce a log for you.
• Attach that log in your next reply.

Important:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall

Also add a new HijackThis log.

[Albedo]

First off, I'd like to say thank you for your quick reply. Here are the logs you requested.

[Albedo]

Quick Update: After that last scan I'm able to access Add/Remove Programs so thanks thus far. Is there is any more I need to do please tell me so.

[evilfantasy]

.
We are getting close, just a few more steps.

----------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

----------

Open HijackThis and select Do a system scan only then place a check mark next to:

O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {120B31DB-A7C4-489D-FF16-196E7D5C502D} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {2255791B-451B-4311-718F-46EC2EE04788} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {33F5BD61-72F5-2038-0B37-785A41CB1194} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {377B5C82-5630-7394-C4DD-3FA72508E877} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {4EFD7F4E-2D07-7614-0E46-0CA234EDA0EB} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {533F0C05-59A2-1D4E-7174-20A21D88FD90} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {63EAEABA-6B85-5160-0A37-0E5360A91684} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {7648CC76-6EA2-263B-F19B-1ED6133677F1} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {7CF072CA-B4C5-4012-F902-6D60520BEB9B} - http://85.255.115.229/1/gdnUS250.exe

Next close ALL windows except for HijackThis and click Fix checked

----------

Your Java is out of date. Old versions are vulnerable to malware.

Go to www.java.com and download the newest version.

Then go to add/remove programs and uninstall all old versions of Java. The only version that should be in add/remove programs is Java 6 Update 3

-----------

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

----------

Look through this post Keeping yourself safe on the web for tips and free tools.


Let us know if anything else comes up.

[Albedo]

Thank you for all your quick help in resolving this issue. It has helped greatly.

[evilfantasy]

No problem.

Safe surfing............