Veteran with a tough one

Discussion in 'Malware Help (A Specialist Will Reply)' started by axlmastr, Jul 21, 2008.

  1. axlmastr

    axlmastr Private E-2

    Dell Dimension 4700 with malware out the wazoo. I'm a 15-year veteran computer geek who has never had to look outside for assistance with cleansing a machine (I've done some tough ones!). Now I'm seeking some help. This is one of those customers who say "I think it just needs some anti-virus". Ya, and a whole lot more! Family machine with three users (man, I hate multi-user environments with malware) that has not seen anti-virus since the Dell-installed trial subscription ran out, 3 1/2 years ago. Had to replace the OEM drive, which threw a code of impending failure on diagnostics. Cloned a new SATA drive and installed. First ran AVG 8.0 in Safe Mode command prompt with CLEAN & TRASH switches just to start. Used Doug Knox's XP .exe repair to get things to execute in Safe or Normal mode. This was just to start so I could get the music, pics and docs off for each user. I wanted to save this install because they didn't do an image backup of the original install; who does? This machine has XP Home, Office XP 2003 and Quickbooks 2006, so I was trying to save the Office and Quickbooks so they wouldn't lose them. And I always use XP Pro; we all know why. Other than trying to save the two high-price pre-loaded software suites I was just going to wipe it. When I ran AVG it vaulted 63 trojans and such, which I wiped. HiJack found 5 pieces of crap. Spybot found 8 items, mostly search or shopping crap, with two instances of Smitfraud.gs, Smitfraud-C, Smitfraud-C.MSVPS. Adaware 2008 found a few things. I ran CCleaner to get rid of the temp files and such to make the scans faster and eliminate where some of the baddies were hiding in each user's temp files and Windows temp files. Decided to run default-configured SUPERAntiSpyware and make a log. Scan went well, made log. Did winsock repair since my internet was blocked. Rebooted as required.

    "BSOD STOP: C0000135 {Unable to locate component} This application has failed to start because [name] was not found. Reinstalling the application may fix this problem."

    … where [name] is a word starting with the letters ‘base’ (not winsrv) and you can’t boot the machine anymore.

    No matter which way I run SUPERAntiSpyware and also Combofix, apparently they remove some things that are either needed, or the files needed are corrupted. To save time I re-clone the original drive and start over. I have run your repair scenario, without my initial scan/removals outside of your repair sequence and in order, and SUPERAntiSpyware gives me the STOP error on reboot with a variant of the "base" filename.


    Found the explanation below pertaining to my STOP error. What do you think about it?

    Cause

    You have inadvertently deleted a file Windows ‘thinks’ it needs, but doesn’t really. The malware you removed hijacked a registry entry to ensure it is loaded with every Windows session, so you have to un-hijack the registry to fix it, basically pointing Windows to the original non-malware version of the file it thinks it needs.


    Solution

    * Load the hijacked “SYSTEM” hive file on a clean system. (You can do this any way you wish. You can use Windows PE, or another Windows machine; it basically goes like this.)
        - Get access to the file called “system” on the infected machine in the folder C:\windows\system32\config (the path may be different if Windows is installed in a different folder or on a different drive letter).
        - Use the clean system to run regedit, highlight the “HKEY_LOCAL_MACHINE” branch at the left, click “File”, then “Load Hive…”, and point it to the “system” file mentioned above.
        - Regedit will ask you for a name. Just call it “FIX”.
    * Next, navigate to: HKEY_LOCAL_MACHINE\FIX\CurrentControlSet\Control\Session Manager\SubSystems
        - The folder above called CurrentControlSet may be called ControlSet1 or ControlSet2, or the like. There may be more than one. If you are unsure which one to use, perform the following steps in all of them.
    * At the right, you will see a value called “Windows”. This is the infected registry value. You must replace the value with the following, all on one line:
        - At the right, right-click on the item called “Windows”, select “Modify”, then paste in the following value:
        - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    * When done, go back to the top and highlight the FIX folder underneath HKEY_LOCAL_MACHINE. Then click “File” and “Unload Hive…”
    * Put your fixed machine back together (i.e. put the hard drive back in it, or put the fixed system file back in the right place... or basically reverse whatever you did to get access to the system file).
    * Boot up your fixed computer.
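    An offline sanity check for the SubSystems\Windows value the steps above have you edit, added here as an example and not part of the post or the quoted fix. It assumes the value string has already been copied out of the loaded hive (regedit or reg query), and the hijacked sample with the basexx_placeholder module is constructed for the demo, since the post only says the real module name started with "base".

```python
import re
from typing import Dict, List

# Known-good XP value for HKLM\SYSTEM\<ControlSet>\Control\Session Manager\SubSystems\Windows,
# copied from the quoted fix. A hijack swaps a ServerDll entry for a malware DLL; delete that
# DLL during cleanup and csrss cannot start, which is the STOP C0000135 seen above.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On "
    "SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
)
# Constructed hijacked variant for this demo; "basexx_placeholder" stands in for the malware module.
HIJACKED_VALUE = CLEAN_VALUE.replace("ServerDll=basesrv,1", "ServerDll=basexx_placeholder,1")

EXPECTED_IMAGE = r"%systemroot%\system32\csrss.exe"
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv"}

def parse_subsystems_value(value: str) -> Dict[str, List[str]]:
    """Split the string into the image path plus key=value tokens (ServerDll repeats, so lists)."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty SubSystems\\Windows value")
    parsed: Dict[str, List[str]] = {"Image": [tokens[0]]}
    for tok in tokens[1:]:
        key, sep, val = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed token: {tok!r}")
        parsed.setdefault(key, []).append(val)
    return parsed

def server_dll_names(parsed: Dict[str, List[str]]) -> List[str]:
    """'winsrv:UserServerDllInitialization,3' -> 'winsrv'; strips paths, ordinals and .dll."""
    names = []
    for entry in parsed.get("ServerDll", []):
        module = re.sub(r",\d+$", "", entry)            # drop the trailing ",N" ordinal
        module = re.sub(r":[A-Za-z_]\w*$", "", module)  # drop ":EntryPoint" but keep "C:\..." paths
        module = module.rsplit("\\", 1)[-1].lower()
        names.append(module[:-4] if module.endswith(".dll") else module)
    return names

def audit_subsystems_value(value: str) -> List[str]:
    """Return findings; an empty list means the value matches XP's stock layout."""
    parsed = parse_subsystems_value(value)
    findings = []
    if parsed["Image"][0].lower() != EXPECTED_IMAGE:
        findings.append(f"unexpected subsystem image: {parsed['Image'][0]}")
    present = set(server_dll_names(parsed))
    findings += [f"unexpected ServerDll module: {n}" for n in sorted(present - EXPECTED_SERVER_DLLS)]
    findings += [f"missing ServerDll module: {n}" for n in sorted(EXPECTED_SERVER_DLLS - present)]
    return findings
```

    Run the audit against each ControlSetN's value before unloading the hive; a non-empty result tells you which ServerDll entry to restore rather than guessing from the STOP message.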
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We really cannot help you with anything unless you attach the logs from the scans requested in the READ & RUN ME. We need to see exactly what is being found and removed. If SUPERAntispyware is causing problems after running it then skip it and continue.

    If the basesrv.dll file has been deleted somehow, then just restore it. You can boot to the Recovery Console to do this.
     
