Alright. My friend is currently in a state of computer trouble. MBAM won't run, HJT won't run, SUPER AntiSpyware won't run. She can't run her computer in normal mode, as it shuts itself down. But in safe mode, she's fine. We have no idea how to save it, aside from formatting, which she wants to avoid. Any ideas?

The only suspicion we have is a file that's running in processes :

O23 - Service: sopidkc Service (sopidkc) - Sigma Designs Inc - C:\WINDOWS\system32\sopidkc.exe

( we got hjt to run by changing the exe name but we're still having problems getting mbam to install )

Update : After a struggle, MBAM finally installed!
Update #2 : But it won't scan.
Update #3 : Okay! Got it to scan! Man, this is a lot of work : < changing names, reinstalling, whatnot

Update #4 : MBAM Scan Results :

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/3/2009 2:46:09 PM
mbam-log-2009-08-03 (14-46-04).txt

Scan type: Quick Scan
Objects scanned: 110623
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 10
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\EvdoServer.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Boo\Local Settings\Temp\db.exe (Trojan.Downloader) -> No action taken.

http://forum.piriform.com/index.php?showtopic=20120

We've tried. It's kinda hard if her antivirus won't scan. :<
Or any of the others we tried.

try this

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • C:\WINDOWS\system32\svchost.exe
  
  
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.