Messed up worm/malware problem...

Discussion in 'Malware Help (A Specialist Will Reply)' started by xrahvinx, Nov 16, 2005.

  1. xrahvinx

    xrahvinx Private E-2

    Ok to start off, I was searching for a crack for Registry Mechanic 5.0 and not thinking I downloaded a supposed keygen named "Registry_Mechanic_5.0.0.140_crack_by_Nacho.exe". So I scanned it with Norton, and was a little suspicious since it was an .exe but since it found nothing, I opened it, it proceeded to create two more files "Registry_Mechanic_5.0.0.140_crack.exe" and "Nacho.nfo" and I opened them without scanning, not thinking. Well, hell breaks loose. I get flooded with Symantec popups apparently trying to spam e-mails or something saying "Your e-mail was unable to be sent because your mail server rejected the message." with a progress bar at the bottom that goes from 0-100%. (I disconnected my internet cable) There are like hundreds of these. Naturally I look in the running applications etc. to see wtf is up and try to close a few things, and after about 15 mins of fighting it I get the popups to stop, but there are still error messages and my background is now stuck on a blue screen with a black box inside that says "spyware infected" in big red letters. This desktop thing may be a separate spyware from the first because I normally am used to getting a few spyware/malware when searching for cracks. Nothing like this though. I managed to run CCleaner, spybot, ad-aware, and Norton. Norton found like 9 things but couldn't remove them, and when I tried searching for the directory it gave me, it didn't exist. Anyway, I tried going over my HJThis log file myself a bit, so my log file may not be 100% up to date. (I can't easily get another as every time I restart now the popups, and spamming begin, and it takes a long time to end it.) I'm using a friend's comp, and can't connect to the internet on the infected computer or it auto starts the popups again even if I ended it. (I can't use the online virus check programs you said to use, but I'm pretty sure I got the rest.)
Anyway, sorry for the long post, normally I can handle this stuff myself, but this one seems persistent. I attached my log.

    PS- a lot of the files that the program created aren't even found when searched for on google, which is really messed up... i.e. the error message that shows up every time I restart is s32anage.exe "The exception guard page exception." or an ? sysvcs.exe ? error message I believe.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Per the instructions in our sticky threads, it is better to not use msconfig to control startups when trying to fix problems with malware. It is better if we see everything that could load on your system. You have msconfig controlling startups:

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Are the below 4 lines valid for you:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wotmania.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wotmania.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blizzard.com/register/war3x/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\sysvcs.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sysvcs.exe
    O20 - Winlogon Notify: URL - C:\WINDOWS\

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\sysvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  3. xrahvinx

    xrahvinx Private E-2

    Yes, these appear valid.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wotmania.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wotmania.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blizzard.com/register/war3x/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

    I followed the instructions, and the majority of the problem seems to be resolved. I don't get the mass e-mail popups anymore. I still get a "PJLMSCMS.exe" application error that says "The instruction at 0x7c8... referenced memory at hkfads9... The memory could not be "read". Click OK to terminate. When OK is clicked, a S32ANAGE.exe error with the same text shows up. These errors also pop up randomly afterwards, and usually when I open a program as well. Also my background is still stuck on the "SPYWARE INFECTED" thing and I can't find a way to change it. (If I try to change it, it won't even let me click on any of the options in the display/desktop menu thing.) My font is also much smaller than it was before on my folder names/icon names. I attached my HJThis log.

    I also still have 2 things on msconfig startup unchecked and I don't know what they are. A blank item, and an item called "winstall.exe".
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As already stated you must stop using MSCONFIG to control startups. One of the items you mentioned is related to your problems and we would have seen it if msconfig were not being used. You have a SpySheriff infection. Stop using msconfig, reboot and then run the steps in the below (start at step 4 since you have done some steps already):

    SpySheriff (aka SpywareNo) Removal

    Also have HJT fix the below line and delete the fozu folder in safe mode:
    O4 - HKCU\..\Run: [fozu] C:\PROGRA~1\COMMON~1\fozu\fozum.exe

    Afterwards post a new HJT log and tell me how things are working now.
     
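The two replies above work from HijackThis output: a startup (O4) entry that shows msconfig is still managing startups, per-user Run entries launching from system-wide folders (sysvcs.exe, ibm00001.exe, fozum.exe), an orphaned O3 toolbar, a Winlogon Notify (O20) entry that points at a directory rather than a DLL, and a ProxyServer setting the helper asked the poster to confirm. The script below is an added example, not code from this thread, HijackThis or MajorGeeks: it parses a constructed HJT-style log built from the lines quoted in the thread (the avast! entry is an invented benign control) and applies those same review rules. The rule names, the `Finding` type and the small `ctfmon.exe` allowlist are this example's own assumptions; flagged entries are candidates for review, not verdicts.

```python
"""Triage HijackThis-style log lines with the review rules used in this thread.

Added example (not HijackThis's or MajorGeeks' code). Rule names, the Finding
type and the allowlist below are assumptions made for this example.
"""
import os
import re
from dataclasses import dataclass

# Constructed sample built from the lines quoted in the thread. The avast! line
# is invented here as a benign control and is not from the original log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sysvcs.exe
O4 - HKCU\..\Run: [fozu] C:\PROGRA~1\COMMON~1\fozu\fozum.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: URL - C:\WINDOWS\
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O3_RE = re.compile(r'^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
R1_PROXY_RE = re.compile(r'^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)')

# Per-user Run entries that legitimately launch from system32 on Windows XP (assumed allowlist).
KNOWN_USER_RUN_FROM_SYSTEM = {'ctfmon.exe'}

# Folders that a per-user (HKCU) Run entry would not normally launch from.
SYSTEM_DIR_MARKERS = ('\\system32\\', '\\common files\\', '\\common~1\\')


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section, e.g. O4
    name: str      # value name or toolbar/notify name
    target: str    # executable, DLL, or proxy string
    code: str      # short rule identifier (assumed names)
    detail: str    # why this entry deserves a look


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths containing spaces are ambiguous; first token is the usual case.
    return cmd.split(' ', 1)[0]


def triage(log_text: str, check_disk: bool = False) -> list:
    """Apply the thread's review rules to each line; optionally check files exist on disk."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            exe = exe_from_command(m['cmd'])
            low = exe.lower()
            base = os.path.basename(low.replace('\\', '/'))
            if base == 'msconfig.exe' and '/auto' in m['cmd'].lower():
                findings.append(Finding('O4', m['name'], exe, 'msconfig-controlled',
                                        'msconfig is managing startups; items it disabled are not in this log'))
            elif m['hive'] == 'HKCU' and any(mk in low for mk in SYSTEM_DIR_MARKERS) \
                    and base not in KNOWN_USER_RUN_FROM_SYSTEM:
                findings.append(Finding('O4', m['name'], exe, 'user-run-from-system-dir',
                                        'per-user Run entry launching from a system-wide folder'))
            if check_disk and not os.path.exists(exe):
                findings.append(Finding('O4', m['name'], exe, 'file-missing',
                                        'command target not found on disk'))
            continue
        m = O3_RE.match(line)
        if m and m['path'].strip().lower() == '(no file)':
            findings.append(Finding('O3', m['name'], m['path'], 'orphan-toolbar',
                                    'toolbar registration with no backing file'))
            continue
        m = O20_RE.match(line)
        if m and not m['path'].strip().lower().endswith('.dll'):
            findings.append(Finding('O20', m['name'], m['path'], 'winlogon-notify-not-dll',
                                    'Winlogon Notify packages are DLLs; this entry names something else'))
            continue
        m = R1_PROXY_RE.match(line)
        if m and m['proxy'].lower().startswith(('127.0.0.1', 'localhost')):
            findings.append(Finding('R1', 'ProxyServer', m['proxy'], 'loopback-proxy',
                                    'browser traffic is routed through a local port; confirm this is intended'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4}[{f.name}] {f.target} -> {f.code}: {f.detail}')
```

Run it on a real HJT log with `triage(open('hijackthis.log').read(), check_disk=True)` on the affected machine; off-box, leave `check_disk` at its default so the path rules still apply without touching the local filesystem.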
  5. xrahvinx

    xrahvinx Private E-2

    Ok, first off, thank you very much for all your help, the vast majority of the problem is fixed.

    Second, and this is probably going to aggravate you, is I still have one process in msconfig unchecked from when I was trying to control all the mass popups etc. And I'm pretty sure it's bad. It's a blank item that has no command, and all it says is "Software\Microsoft\CurrentVersion\Run" under the location.

    I'm not sure, but it may be this or something related to this causing the rest of my problems.

    I still get a "PJLMSCMS.exe" application error that says "The instruction at 0x7c8... referenced memory at hkfads9... The memory could not be "read". Click OK to terminate. When OK is clicked, a S32ANAGE.exe error with the same text shows up. I get random Internet Explorer popups every now and then when I'm browsing the net. (And my computer skin changes back to the default skin every time I go into the display menu. But this is insignificant.)

    How should I get rid of this... Just activate it and repost my log?

    Log attached, it's much smaller now probably because I ran Registry Mechanic.

    PS- Sorry for all the trouble. Must get super annoying having to deal with retards like me all day...
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below may take care of that problem with msconfig and a blank item.

    MSConfig Cleanup

    You look clean! Is everything working okay now other than those two errors with exe filenames?

    When do those errors occur?
     
  7. xrahvinx

    xrahvinx Private E-2

    Yeah, thanks, it worked nicely.

    The error pops up every time I reboot 100% of the time, when I open a folder or My Computer etc. 25% of the time, and when I go to msconfig 100% of the time. This is all I've noticed so far.

    It also popped up quite a few times as I was installing avast! and ZoneAlarm (which apparently don't work together).

    Besides that, I think everything is good.

    Here's my log in case you need it for something.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have no problems running Avast with ZoneAlarm.


    You need to decide which AV program you want. You have Symantec and Avast installed and running. See step 3 of the READ & RUN ME.


    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  9. xrahvinx

    xrahvinx Private E-2

    Ha, Norton was almost as hard to remove as some spyware. I had uninstalled it, but I guess it didn't get everything.

    Anyway I ran that scan and here are the results:
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is only one item in that log I would like to know about:

    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    I'm not saying it is bad. I just do not know what it is for. Could it be for your modem?

    Are you sure about the names of the files given in the error messages? Are they really:
    PJLMSCMS.exe and S32ANAGE.exe

    Search for these files on your PC using the process described in: Searching for Hidden Files on WinXP

    Is all of the Norton stuff gone now? If not, see and run THIS
     
  11. xrahvinx

    xrahvinx Private E-2

    I'm not 100% sure what that driver is for, but it could be my modem. (which I don't use anymore) And yes, I'm 100% sure that's what the error says. That's partially the reason I thought this was so messed up: even google couldn't find those errors...

    I attached the jpg's of the errors if you want to see what they say.

    PS: Thank you again for all your help so far.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not comment on the last two sentences of my last message.
     
  13. xrahvinx

    xrahvinx Private E-2

    Norton is fine, I'm not worried about that.

    The only thing that turned up when I searched for 'PJLMSCMS.exe' was in the <C:\Windows\Prefetch> directory. Same thing with 'S32ANAGE.EXE'.

    Also of note, ZoneAlarm catches all sorts of weird things trying to access the internet etc. Things that don't have any results when typed into google.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to get the Norton stuff removed if it is not removed. It can cause issues with fixing problems and can cause conflicts with Avast.

    Delete all files in the Prefetch folder?

    Now use the two links below and run the two scanners (one at a time). Make sure you save and post the logs from them as attachments.

    Running Spy Sweeper...

    Running Ewido Security Suite
     
  15. xrahvinx

    xrahvinx Private E-2

    Ok, some weird things have gone down since the last post ><

    First off, yes I deleted all the files in the prefetch folder, they just came back after every time the error popped up.

    Second, I downloaded and ran Spy Sweeper. First time through, computer crashed. Second time, it made it all the way through, but crashed again when I went to try to fix everything. Weird thing is, after this, the error message has never appeared again.

    I then got ewido and ran it. 30 minutes later, it has detected 43,675 'infected objects'. (And yes, I ran CCleaner before.) I tell it to fix the problems, and that takes 4 hours. The vast vast majority seemed to be <C:\Recycler\NORTON\7481237432.MOZ> or similar type files. Quarantined Norton files?

    I attached my ewido and a new HJT log. (SIGH :mad: Mozilla wouldn't let me open the manage attachments button. Had to use IE.) ( :( Now it won't let me attach my ewido log, I'm assuming because it's 8.3MB.)
    I'll post some of whats inside it. These appear to be the worst:
    C:\Program Files\Apoalway\Cache\00004402_437cfa76_00076417 -> TrojanDownloader.IstBar.j : Cleaned with backup
    C:\Program Files\Apoalway\Cache\00006be8_437cfa76_000d9701 -> TrojanDownloader.IstBar.j : Cleaned with
    C:\WINDOWS\SYSTEM32\ll.exe -> Trojan.Crypt.l : Cleaned with backup
    C:\WINDOWS\SYSTEM32\~update.exe -> Trojan.Crypt.l : Cleaned with backup

    Then there are about 43625 different variations of this:
    backuphere::mozilla.15:C:\RECYCLER\NPROTECT\00316268.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Empty your Recycle Bin and if using that stinking Norton Protect (NProtect) make sure you empty it too. I keep asking you to uninstall Symantec. Are you going to do this? Do not continue with anything else until you have completely uninstalled all of the Symantec AV and make sure that NProtect is no longer there too. Until this is done we cannot continue.

    Then run Ewido again and see what it finds. See if you can then attach a log.
     
