detected NTDLL code modification

You need to explain what you mean by some of the Read and Run was uninstallable ...what happened exactly.

First Disable Spybot's TeaTimer as requested in the READ ME

* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!



Now we need to use a new tool.

* Download and save to RenV.exe from following link to Desktop (
must be on the Desktop)
* Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).

Code:

C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\Skype\Phone\Skype .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAR .EXE

* Now using your mouse, drag Log.txt onto RenV.exe
* When finished, RenV.exe will produce a new log names Log.txt on your Desktop I will ask for this log later.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.
Then attach the new logs:

* AVG Antispyware log
* Log.tx from running RenV
* C:\MGlogs.zip

 

You need to re-run AVG and have it fix all that it finds!

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Tell me what these are:
C:\Documents and Settings\Jaime Franzese\Local Settings\Application Data\PSPcsB6Fm0N ---> if you don't know, delete it.


Now use windows explorer to find and delete:
C:\WINDOWS\system32\gebyv.exe
C:\WINDOWS\system32\gebyv.dll_old
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg~1.ini

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this ...and tell me if you have any problems doing the above.

 

This is very strange ....your logs will not open....please delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip ...now redownload it and run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Do you have a program that is disabling startup items:

and also here:

 

It is called AutoRuns Tim. See: Autoruns