I was able to run MBAM (without resident protection) to remove Additional Guard from the system and am unable to find any leftover files or registry keys.
I am now trying to run a clean boot using msconfig to disable all non-Microsoft services and all startup programs. Msconfig reports an access denied error when trying to change a service.
McAfee suite was previously installed on this system, but no longer functioned after "Additional Guard" appeared and was uninstalled because of a failed attempt at reinstallation after removal of AG with MBAM. The McAfee software will not install successfully. AVG Free edition fails to install because it reports that Additional Guard is already installed.
In the course of removing the malware, I had to do some fancy sidestepping to remove a bogus Hosts file. I could not get access rights to the file for editing or deletion, but was able to rename it. I scanned for rootkits with GMER but was unable to find anything obvious.
What else could be going on? Specifically:
(1) What is causing the access denied error in msconfig? (I get this despite running as an administrator in both normal and safe mode.)
(2) Where, if not in the registry, could the false(?) information about Additional Guard running be coming from?
Any help is desperately welcome. HijackThis log is attached.