shell32.dll kernel

Discussion in 'Malware Help (A Specialist Will Reply)' started by jammyt, Sep 19, 2006.

  1. jammyt

    jammyt Private E-2

    I recently did a scan with AVG and found that shell32.dll and kernel.dll were marked as changed under status and it warned of a possible trojan!!!... I don't know if this is something or nothing... I have followed the procedures laid
    out for cleaning up malware and post the result of the scans... nothing was found, but if someone could take a look and confirm I've got no dodgy processes going on I'd appreciate it muchly, as I've noticed a real drop off in performance whilst using IE (CPU 80+%)... also get multiple iexplore.exe processes in the task mgr.... I have a HijackThis report as well but not attached... thanks
     


  2. jammyt

    jammyt Private E-2

    Here's the HijackThis report..
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please attach the other logs requested in the READ ME:
    • Bitdefender - from step 6
    • Panda Scan - from step 6
     
  4. jammyt

    jammyt Private E-2

    Here are the Bitdefender and Panda reports.. thanks
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of Spyware Doctor (which is old by the way) a paid version or a free version? If free, uninstall it now.

    And while in Add/Remove programs, uninstall the below two old versions of Sun Java:
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_12


    I don't see any major malware issues. You just have some minor cleanup to do. The reason for those files being changed is probably due to installing some Windows updates recently.

    Make sure viewing of hidden files is enabled (per the tutorial).
    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\program files\common files\Totem Shared <--- the whole folder

    Now reboot in normal mode.

    Now attach a new HJT log and tell me how the steps went.

    Also attach a new log from GetRunKey.

    Make sure you tell me how things are working now!
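    Added here as a follow-up check and not part of chaslang's instructions: a PowerShell snippet that re-reads the three registry locations behind the R1, O2 and O4 lines above, so that after clicking Fix you can confirm each entry is actually gone rather than relying on a second HJT scan. Paths are the standard locations HijackThis reports for those item types; the CLSID and value names are the ones quoted in the post.

```powershell
# Added example (not from the thread): re-check the three HijackThis items
# listed above after the Fix, so a residual entry is not missed.
$findings = @()

# R1: per-user proxy bypass list pointing at the loopback address
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$override = (Get-ItemProperty -Path $inet -Name ProxyOverride -ErrorAction SilentlyContinue).ProxyOverride
if ($override) { $findings += "R1 ProxyOverride still set: $override" }

# O2: BHO registration for the CLSID HJT reported as "(no file)"
$clsid  = '{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}'
$bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
if (Test-Path $bhoKey) { $findings += "O2 BHO key still present: $bhoKey" }

# The CLSID's InprocServer32 default value names the DLL; "(no file)" in HJT
# means that path does not exist on disk, which is why the entry is dead weight.
$server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path $server) {
    $dll = (Get-ItemProperty -Path $server).'(default)'
    $onDisk = if ($dll) { Test-Path ([Environment]::ExpandEnvironmentVariables($dll)) } else { $false }
    $findings += "O2 CLSID still registered, InprocServer32 = '$dll' (file exists: $onDisk)"
}

# O4: machine-wide Run entry for qttask.exe
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$qt  = (Get-ItemProperty -Path $run -Name 'QuickTime Task' -ErrorAction SilentlyContinue).'QuickTime Task'
if ($qt) { $findings += "O4 Run entry still present: $qt" }

if ($findings.Count -eq 0) { 'All three HJT items are gone.' } else { $findings }
```

    Run it from an elevated PowerShell prompt so the HKLM keys are readable; HKCU is read for the account that is logged in, which is the one HJT reported the R1 line for.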
     
  6. jammyt

    jammyt Private E-2

    OK, here are the remaining logs.. still seems a little sluggish when on the internet on certain sites but has improved.......... thanks for your help.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not answer my question about Spyware Doctor and I still see it installed. Does that mean it is a paid version?

    Did you add the fixWLK.reg registry patch to the registry?
    Did you get a success message?

    The reason I ask is because it does not look like it was added.

    Please do the below:

    • Click Start, Run, and enter MSconfig and click OK.
    • Now click Normal Start then click Apply and then OK.
    • Now reboot.
    • Now add that fixWLK.reg registry patch to the registry again and make sure you tell me exactly what happens.
    • Now attach a new log from GetRunKey.
     
  8. jammyt

    jammyt Private E-2

    Yes, I do have the paid version of Spyware Doc... still licensed, but I can uninstall it if need be.

    Double clicked the fixWLK.reg file and got the following information dialogue: "fixWLK.reg has been successfully entered into the registry". Ran GetRunKey again afterwards... log attached.

    thanks
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Keep it but uninstall Windows Defender to avoid conflicts. Then reboot before continuing to the below.

    It still did not work. Possibly this is due to Windows Defender & Spyware Doctor blocking the changes. Or it could be due to you not having permission to change those registry keys. Now that Windows Defender is uninstalled, disable (shut down) Spyware Doctor and do the below:

    • Run MSconfig and select Normal Startup (if already selected just tell me). Exit MSconfig but do not reboot if it tells you to do so.
    • Now reapply the registry patch one more time.
    • Now reboot into safe mode and run the registry patch one more time from safe mode.
    • Now reboot into normal mode and attach a new GetRunKey and a new log from ShowNew.
     
  10. jammyt

    jammyt Private E-2

    I had already uninstalled Windows Defender, and Spyware Doctor doesn't run by default. Ran the registry patch in normal and then safe mode. Got the same message as before to say it has been entered with success, in both cases. Logs attached.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the signatures too!

    Not true! Observe direct from your HJT log:
    It does not run the scanner by default, but the service for the program and active protection are always loaded and running at startup.


    Yes but this time it worked!

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
